Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / utils / sigma-dut / 9a742ff95185beb2fe53bd75b2c93ac35cb16399 / . / server.c
blob: 682dcdc2bb244121ab938949f7b003f884a700e2 [file] [log] [blame]
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1/*
2 * Sigma Control API DUT (server)
3 * Copyright (c) 2014, Qualcomm Atheros, Inc.
Jouni Malinen2feb9132021-11-16 00:53:06 +0200[diff] [blame]4 * Copyright (c) 2018-2021, The Linux Foundation
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]5 * All Rights Reserved.
6 * Licensed under the Clear BSD license. See README for more details.
7 */
8
9#include "sigma_dut.h"
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]10#include <sqlite3.h>
11
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]12#ifndef ROOT_DIR
13#define ROOT_DIR "/home/user/hs20-server"
14#endif /* ROOT_DIR */
15
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]16#ifndef SERVER_DB
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]17#define SERVER_DB ROOT_DIR "/AS/DB/eap_user.db"
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]18#endif /* SERVER_DB */
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]19
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]20#ifndef CERT_DIR
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]21#define CERT_DIR ROOT_DIR "/certs"
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]22#endif /* CERT_DIR */
23
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]24
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]25static enum sigma_cmd_result cmd_server_ca_get_version(struct sigma_dut *dut,
26 struct sigma_conn *conn,
27 struct sigma_cmd *cmd)
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]28{
Jouni Malinendf866472019-01-23 12:21:47 +0200[diff] [blame]29 send_resp(dut, conn, SIGMA_COMPLETE, "version," SIGMA_DUT_VER);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]30 return STATUS_SENT;
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]31}
32
33
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]34static enum sigma_cmd_result cmd_server_get_info(struct sigma_dut *dut,
35 struct sigma_conn *conn,
36 struct sigma_cmd *cmd)
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]37{
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]38 char ver[128], resp[256];
39
40 get_ver(ROOT_DIR "/spp/hs20_spp_server -v", ver, sizeof(ver));
41
42 snprintf(resp, sizeof(resp), "vendor,OSU,model,OS,version,%s", ver);
43 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]44 return STATUS_SENT;
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]45}
46
47
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]48static int server_reset_user(struct sigma_dut *dut, const char *user)
49{
50 sqlite3 *db;
51 int res = -1;
52 char *sql = NULL;
53 const char *realm = "wi-fi.org";
54 const char *methods = "TTLS-MSCHAPV2";
55 const char *password = "ChangeMe";
56 int phase2 = 1;
57 int machine_managed = 1;
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]58 const char *remediation = "";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]59 int fetch_pps = 0;
60 const char *osu_user = NULL;
61 const char *osu_password = NULL;
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]62 const char *policy = NULL;
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]63
64 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset user %s", user);
65
66 if (sqlite3_open(SERVER_DB, &db)) {
67 sigma_dut_print(dut, DUT_MSG_ERROR,
68 "Failed to open SQLite database %s",
69 SERVER_DB);
70 return -1;
71 }
72
73 if (strcmp(user, "test01") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]74 remediation = "machine";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]75 } else if (strcmp(user, "test02") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]76 remediation = "user";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]77 machine_managed = 0;
78 } else if (strcmp(user, "test03") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]79 /* UpdateInterval-based client trigger for policy update */
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]80 policy = "ruckus130";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]81 } else if (strcmp(user, "test04") == 0) {
82 } else if (strcmp(user, "test05") == 0) {
83 } else if (strcmp(user, "test06") == 0) {
84 realm = "example.com";
85 } else if (strcmp(user, "test07") == 0) {
86 } else if (strcmp(user, "test08") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]87 remediation = "machine";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]88 osu_user = "testdmacc08";
89 osu_password = "P@ssw0rd";
90 } else if (strcmp(user, "test09") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]91 /* UpdateInterval-based client trigger for policy update */
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]92 policy = "ruckus130";
Jouni Malinen364c0812018-10-15 10:37:47 +0300[diff] [blame]93 osu_user = "testdmacc09";
94 osu_password = "P@ssw0rd";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]95 } else if (strcmp(user, "test10") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]96 remediation = "machine";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]97 methods = "TLS";
98 } else if (strcmp(user, "test11") == 0) {
99 } else if (strcmp(user, "test12") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]100 remediation = "user";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]101 methods = "TLS";
102 } else if (strcmp(user, "test20") == 0) {
103 } else if (strcmp(user, "test26") == 0) {
104 /* TODO: Cred01 with username/password? */
105 user = "1310026000000001";
106 methods = "SIM";
107 } else if (strcmp(user, "test30") == 0) {
108 osu_user = "testdmacc30";
109 osu_password = "P@ssw0rd";
110 } else if (strcmp(user, "test31") == 0) {
111 osu_user = "testdmacc31";
112 osu_password = "P@ssw0rd";
113 } else if (strcmp(user, "test32") == 0) {
114 osu_user = "testdmacc32";
115 osu_password = "P@ssw0rd";
116 } else if (strcmp(user, "test33") == 0) {
117 osu_user = "testdmacc33";
118 osu_password = "P@ssw0rd";
119 } else if (strcmp(user, "test34") == 0) {
120 osu_user = "testdmacc34";
121 osu_password = "P@ssw0rd";
122 } else if (strcmp(user, "test35") == 0) {
123 osu_user = "testdmacc35";
124 osu_password = "P@ssw0rd";
125 } else if (strcmp(user, "test36") == 0) {
126 } else if (strcmp(user, "test37") == 0) {
127 osu_user = "testdmacc37";
128 osu_password = "P@ssw0rd";
Jouni Malinen364c0812018-10-15 10:37:47 +0300[diff] [blame]129 } else if (strcmp(user, "testdmacc08") == 0 ||
130 strcmp(user, "testdmacc09") == 0) {
131 /* No need to set anything separate for testdmacc* users */
132 sqlite3_close(db);
133 return 0;
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]134 } else {
135 sigma_dut_print(dut, DUT_MSG_INFO, "Unsupported username '%s'",
136 user);
137 goto fail;
138 }
139
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]140 sql = sqlite3_mprintf("INSERT OR REPLACE INTO users(identity,realm,methods,password,phase2,machine_managed,remediation,fetch_pps,osu_user,osu_password,policy) VALUES (%Q,%Q,%Q,%Q,%d,%d,%Q,%d,%Q,%Q,%Q)",
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]141 user, realm, methods, password,
142 phase2, machine_managed, remediation, fetch_pps,
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]143 osu_user, osu_password, policy);
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]144
145 if (!sql)
146 goto fail;
147
148 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
149
150 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
151 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
152 sqlite3_errmsg(db));
153 } else {
154 res = 0;
155 }
156
157 sqlite3_free(sql);
158
159fail:
160 sqlite3_close(db);
161
162 return res;
163}
164
165
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]166static int server_reset_serial(struct sigma_dut *dut, const char *serial)
167{
168 sqlite3 *db;
169 int res = -1;
170 char *sql = NULL;
171 const char *realm = "wi-fi.org";
172 const char *methods = "TLS";
173 int phase2 = 0;
174 int machine_managed = 1;
175 const char *remediation = "";
176 int fetch_pps = 0;
177 const char *osu_user = NULL;
178 const char *osu_password = NULL;
179 const char *policy = NULL;
180 char user[128];
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]181 const char *cert = "";
182 const char *subrem = "";
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]183
184 snprintf(user, sizeof(user), "cert-%s", serial);
185 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset user %s (serial number: %s)",
186 user, serial);
187
188 if (sqlite3_open(SERVER_DB, &db)) {
189 sigma_dut_print(dut, DUT_MSG_ERROR,
190 "Failed to open SQLite database %s",
191 SERVER_DB);
192 return -1;
193 }
194
195 if (strcmp(serial, "1046") == 0) {
196 remediation = "machine";
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]197 cert = "3786eb9ef44778fe8048f9fa6f8c3e611f2dbdd15f239fa93edcc417debefa5a";
198 subrem = "homeoi";
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]199 } else if (strcmp(serial, "1047") == 0) {
200 remediation = "user";
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]201 cert = "55cd0af162f2fb6de5b9481e37a0b0887f42e477ab09586b0c10f24b269b893f";
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]202 } else {
203 sigma_dut_print(dut, DUT_MSG_INFO,
204 "Unsupported serial number '%s'", serial);
205 goto fail;
206 }
207
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]208 sql = sqlite3_mprintf("INSERT OR REPLACE INTO users(identity,realm,methods,phase2,machine_managed,remediation,fetch_pps,osu_user,osu_password,policy,cert,subrem) VALUES (%Q,%Q,%Q,%d,%d,%Q,%d,%Q,%Q,%Q,%Q,%Q)",
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]209 user, realm, methods,
210 phase2, machine_managed, remediation, fetch_pps,
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]211 osu_user, osu_password, policy, cert, subrem);
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]212
213 if (!sql)
214 goto fail;
215
216 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
217
218 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
219 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
220 sqlite3_errmsg(db));
221 } else {
222 res = 0;
223 }
224
225 sqlite3_free(sql);
226
227fail:
228 sqlite3_close(db);
229
230 return res;
231}
232
233
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]234static int server_reset_cert_enroll(struct sigma_dut *dut, const char *addr)
235{
236 sqlite3 *db;
237 char *sql;
238
239 sigma_dut_print(dut, DUT_MSG_DEBUG,
240 "Reset certificate enrollment status for %s", addr);
241
242 if (sqlite3_open(SERVER_DB, &db)) {
243 sigma_dut_print(dut, DUT_MSG_ERROR,
244 "Failed to open SQLite database %s",
245 SERVER_DB);
246 return -1;
247 }
248 sql = sqlite3_mprintf("DELETE FROM cert_enroll WHERE mac_addr=%Q",
249 addr);
250 if (!sql) {
251 sqlite3_close(db);
252 return -1;
253 }
254 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
255
256 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
257 sigma_dut_print(dut, DUT_MSG_ERROR,
258 "SQL operation failed: %s",
259 sqlite3_errmsg(db));
260 sqlite3_free(sql);
261 sqlite3_close(db);
262 return -1;
263 }
264
265 sqlite3_free(sql);
266 sqlite3_close(db);
267
268 return 0;
269}
270
271
Jouni Malinen4ec26fe2018-12-16 17:43:25 +0200[diff] [blame]272static int server_reset_imsi(struct sigma_dut *dut, const char *imsi)
273{
274 sqlite3 *db;
275 char *sql;
276
277 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset policy provisioning for %s",
278 imsi);
279
280 if (sqlite3_open(SERVER_DB, &db)) {
281 sigma_dut_print(dut, DUT_MSG_ERROR,
282 "Failed to open SQLite database %s",
283 SERVER_DB);
284 return -1;
285 }
286 sql = sqlite3_mprintf("DELETE FROM users WHERE identity=%Q", imsi);
287 if (!sql) {
288 sqlite3_close(db);
289 return -1;
290 }
291 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
292
293 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
294 sigma_dut_print(dut, DUT_MSG_ERROR,
295 "SQL operation failed: %s",
296 sqlite3_errmsg(db));
297 sqlite3_free(sql);
298 sqlite3_close(db);
299 return -1;
300 }
301
302 sqlite3_free(sql);
303 sqlite3_close(db);
304
305 return 0;
306}
307
308
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]309static enum sigma_cmd_result cmd_server_reset_default(struct sigma_dut *dut,
310 struct sigma_conn *conn,
311 struct sigma_cmd *cmd)
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]312{
313 const char *var;
Jouni Malinen94d7b122018-09-04 13:16:41 +0300[diff] [blame]314 enum sigma_program prog;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]315
316 var = get_param(cmd, "Program");
Jouni Malinen94d7b122018-09-04 13:16:41 +0300[diff] [blame]317 if (!var) {
318 send_resp(dut, conn, SIGMA_ERROR,
319 "errorCode,Missing program parameter");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]320 return STATUS_SENT;
Jouni Malinen94d7b122018-09-04 13:16:41 +0300[diff] [blame]321 }
322
323 prog = sigma_program_to_enum(var);
Jouni Malinen9a742ff2022-01-27 00:43:14 +0200[diff] [blame^]324 if (prog != PROGRAM_HS2_R2 && prog != PROGRAM_HS2_R3 &&
325 prog != PROGRAM_HS2_R4) {
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]326 send_resp(dut, conn, SIGMA_ERROR,
327 "errorCode,Unsupported program");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]328 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]329 }
330
331 var = get_param(cmd, "UserName");
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]332 if (var && server_reset_user(dut, var) < 0) {
333 send_resp(dut, conn, SIGMA_ERROR,
334 "errorCode,Failed to reset user account to defaults");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]335 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]336 }
337
338 var = get_param(cmd, "SerialNo");
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]339 if (var && server_reset_serial(dut, var)) {
340 send_resp(dut, conn, SIGMA_ERROR,
341 "errorCode,Failed to reset user account to defaults");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]342 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]343 }
344
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]345 var = get_param(cmd, "ClientMACAddr");
346 if (var && server_reset_cert_enroll(dut, var) < 0) {
347 send_resp(dut, conn, SIGMA_ERROR,
348 "errorCode,Failed to reset cert enroll to defaults");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]349 return STATUS_SENT;
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]350 }
351
Jouni Malinen4ec26fe2018-12-16 17:43:25 +0200[diff] [blame]352 var = get_param(cmd, "imsi_val");
353 if (var && server_reset_imsi(dut, var) < 0) {
354 send_resp(dut, conn, SIGMA_ERROR,
355 "errorCode,Failed to reset IMSI/SIM user");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]356 return STATUS_SENT;
Jouni Malinen4ec26fe2018-12-16 17:43:25 +0200[diff] [blame]357 }
358
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]359 return SUCCESS_SEND_STATUS;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]360}
361
362
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]363static int get_last_msk_cb(void *ctx, int argc, char *argv[], char *col[])
364{
365 char **last_msk = ctx;
366
367 if (argc < 1 || !argv[0])
368 return 0;
369
370 free(*last_msk);
371 *last_msk = strdup(argv[0]);
372
373 return 0;
374}
375
376
377static char * get_last_msk(struct sigma_dut *dut, sqlite3 *db,
378 const char *username)
379{
380 char *sql, *last_msk = NULL;
381
382 sql = sqlite3_mprintf("SELECT last_msk FROM users WHERE identity=%Q",
383 username);
384 if (!sql)
385 return NULL;
386
387 if (sqlite3_exec(db, sql, get_last_msk_cb, &last_msk, NULL) !=
388 SQLITE_OK) {
389 sigma_dut_print(dut, DUT_MSG_ERROR,
390 "SQL operation to fetch last_msk failed: %s",
391 sqlite3_errmsg(db));
392 sqlite3_free(sql);
393 return NULL;
394 }
395
396 sqlite3_free(sql);
397
398 return last_msk;
399}
400
401
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]402static enum sigma_cmd_result
403aaa_auth_status(struct sigma_dut *dut, struct sigma_conn *conn,
404 struct sigma_cmd *cmd, const char *username, int timeout)
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]405{
406 sqlite3 *db;
407 char *sql = NULL;
408 int i;
409 char resp[500];
410
411 if (sqlite3_open(SERVER_DB, &db)) {
412 sigma_dut_print(dut, DUT_MSG_ERROR,
413 "Failed to open SQLite database %s",
414 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]415 return INVALID_SEND_STATUS;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]416 }
417
418 sql = sqlite3_mprintf("UPDATE users SET last_msk=NULL WHERE identity=%Q",
419 username);
420 if (!sql) {
421 sqlite3_close(db);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]422 return ERROR_SEND_STATUS;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]423 }
424
425 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
426 sigma_dut_print(dut, DUT_MSG_ERROR,
427 "SQL operation to clear last_msk failed: %s",
428 sqlite3_errmsg(db));
429 sqlite3_free(sql);
430 sqlite3_close(db);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]431 return ERROR_SEND_STATUS;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]432 }
433
434 sqlite3_free(sql);
435
Jouni Malinen89dfb222018-10-07 16:51:39 +0300[diff] [blame]436 if (sqlite3_changes(db) < 1) {
437 sigma_dut_print(dut, DUT_MSG_ERROR,
438 "No DB rows modified (specified user not found)");
439 sqlite3_close(db);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]440 return ERROR_SEND_STATUS;
Jouni Malinen89dfb222018-10-07 16:51:39 +0300[diff] [blame]441 }
442
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]443 snprintf(resp, sizeof(resp), "AuthStatus,TIMEOUT,MSK,NULL");
444
445 for (i = 0; i < timeout; i++) {
446 char *last_msk;
447
448 last_msk = get_last_msk(dut, db, username);
449 if (last_msk) {
450 if (strcmp(last_msk, "FAIL") == 0) {
451 snprintf(resp, sizeof(resp),
452 "AuthStatus,FAIL,MSK,NULL");
453 } else {
454 snprintf(resp, sizeof(resp),
455 "AuthStatus,SUCCESS,MSK,%s", last_msk);
456 }
457 free(last_msk);
458 break;
459 }
460 sleep(1);
461 }
462
463 sqlite3_close(db);
464
465 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]466 return STATUS_SENT;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]467}
468
469
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]470static int get_last_serial_cb(void *ctx, int argc, char *argv[], char *col[])
471{
472 char **last_serial = ctx;
473
474 if (argc < 1 || !argv[0])
475 return 0;
476
477 free(*last_serial);
478 *last_serial = strdup(argv[0]);
479
480 return 0;
481}
482
483
484static char * get_last_serial(struct sigma_dut *dut, sqlite3 *db,
485 const char *addr)
486{
487 char *sql, *last_serial = NULL;
488
489 sql = sqlite3_mprintf("SELECT serialnum FROM cert_enroll WHERE mac_addr=%Q",
490 addr);
491 if (!sql)
492 return NULL;
493 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
494
495 if (sqlite3_exec(db, sql, get_last_serial_cb, &last_serial, NULL) !=
496 SQLITE_OK) {
497 sigma_dut_print(dut, DUT_MSG_ERROR,
498 "SQL operation to fetch last_serial failed: %s",
499 sqlite3_errmsg(db));
500 sqlite3_free(sql);
501 return NULL;
502 }
503
504 sqlite3_free(sql);
505
506 return last_serial;
507}
508
509
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]510static enum sigma_cmd_result
511osu_cert_enroll_status(struct sigma_dut *dut, struct sigma_conn *conn,
512 struct sigma_cmd *cmd, const char *addr, int timeout)
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]513{
514 sqlite3 *db;
515 int i;
516 char resp[500];
517
518 if (sqlite3_open(SERVER_DB, &db)) {
519 sigma_dut_print(dut, DUT_MSG_ERROR,
520 "Failed to open SQLite database %s",
521 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]522 return INVALID_SEND_STATUS;
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]523 }
524
525 snprintf(resp, sizeof(resp), "OSUStatus,TIMEOUT");
526
527 for (i = 0; i < timeout; i++) {
528 char *last_serial;
529
530 last_serial = get_last_serial(dut, db, addr);
531 if (last_serial) {
532 if (strcmp(last_serial, "FAIL") == 0) {
533 snprintf(resp, sizeof(resp),
534 "OSUStatus,FAIL");
535 } else if (strlen(last_serial) > 0) {
536 snprintf(resp, sizeof(resp),
537 "OSUStatus,SUCCESS,SerialNo,%s",
538 last_serial);
539 }
540 free(last_serial);
541 break;
542 }
543 sleep(1);
544 }
545
546 sqlite3_close(db);
547
548 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]549 return STATUS_SENT;
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]550}
551
552
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]553static int get_user_field_cb(void *ctx, int argc, char *argv[], char *col[])
554{
555 char **val = ctx;
556
557 if (argc < 1 || !argv[0])
558 return 0;
559
560 free(*val);
561 *val = strdup(argv[0]);
562
563 return 0;
564}
565
566
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]567static char * get_user_field_helper(struct sigma_dut *dut, sqlite3 *db,
568 const char *id_field,
569 const char *identity, const char *field)
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]570{
571 char *sql, *val = NULL;
572
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]573 sql = sqlite3_mprintf("SELECT %s FROM users WHERE %s=%Q",
574 field, id_field, identity);
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]575 if (!sql)
576 return NULL;
577 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
578
579 if (sqlite3_exec(db, sql, get_user_field_cb, &val, NULL) != SQLITE_OK) {
580 sigma_dut_print(dut, DUT_MSG_ERROR,
581 "SQL operation to fetch user field failed: %s",
582 sqlite3_errmsg(db));
583 sqlite3_free(sql);
584 return NULL;
585 }
586
587 sqlite3_free(sql);
588
589 return val;
590}
591
592
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]593static char * get_user_field(struct sigma_dut *dut, sqlite3 *db,
594 const char *identity, const char *field)
595{
596 return get_user_field_helper(dut, db, "identity", identity, field);
597}
598
599
600static char * get_user_dmacc_field(struct sigma_dut *dut, sqlite3 *db,
601 const char *identity, const char *field)
602{
603 return get_user_field_helper(dut, db, "osu_user", identity, field);
604}
605
606
Jouni Malinen33f2acf2019-01-10 00:46:00 +0200[diff] [blame]607static int get_eventlog_new_serialno_cb(void *ctx, int argc, char *argv[],
608 char *col[])
609{
610 char **serialno = ctx;
611 char *val;
612
613 if (argc < 1 || !argv[0])
614 return 0;
615
616 val = argv[0];
617 if (strncmp(val, "renamed user to: cert-", 22) != 0)
618 return 0;
619 val += 22;
620 free(*serialno);
621 *serialno = strdup(val);
622
623 return 0;
624}
625
626
627static char * get_eventlog_new_serialno(struct sigma_dut *dut, sqlite3 *db,
628 const char *username)
629{
630 char *sql, *serial = NULL;
631
632 sql = sqlite3_mprintf("SELECT notes FROM eventlog WHERE user=%Q AND notes LIKE %Q",
633 username, "renamed user to:%");
634 if (!sql)
635 return NULL;
636
637 if (sqlite3_exec(db, sql, get_eventlog_new_serialno_cb, &serial,
638 NULL) != SQLITE_OK) {
639 sigma_dut_print(dut, DUT_MSG_ERROR,
640 "SQL operation to fetch new serialno failed: %s",
641 sqlite3_errmsg(db));
642 sqlite3_free(sql);
643 return NULL;
644 }
645
646 sqlite3_free(sql);
647
648 return serial;
649}
650
651
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]652static enum sigma_cmd_result
653osu_remediation_status(struct sigma_dut *dut, struct sigma_conn *conn,
654 int timeout, const char *username, const char *serialno)
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]655{
656 sqlite3 *db;
657 int i;
658 char resp[500];
659 char name[100];
660 char *remediation = NULL;
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]661 int dmacc = 0;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]662
663 if (!username && !serialno)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]664 return INVALID_SEND_STATUS;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]665 if (!username) {
666 snprintf(name, sizeof(name), "cert-%s", serialno);
667 username = name;
668 }
669
670 if (sqlite3_open(SERVER_DB, &db)) {
671 sigma_dut_print(dut, DUT_MSG_ERROR,
672 "Failed to open SQLite database %s",
673 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]674 return ERROR_SEND_STATUS;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]675 }
676
677 remediation = get_user_field(dut, db, username, "remediation");
678 if (!remediation) {
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]679 remediation = get_user_dmacc_field(dut, db, username,
680 "remediation");
681 dmacc = 1;
682 }
683 if (!remediation) {
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]684 snprintf(resp, sizeof(resp),
685 "RemediationStatus,User entry not found");
686 goto done;
687 }
688 if (remediation[0] == '\0') {
689 snprintf(resp, sizeof(resp),
690 "RemediationStatus,User was not configured to need remediation");
691 goto done;
692 }
693
694 snprintf(resp, sizeof(resp), "RemediationStatus,TIMEOUT");
695
696 for (i = 0; i < timeout; i++) {
697 sleep(1);
698 free(remediation);
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]699 if (dmacc)
700 remediation = get_user_dmacc_field(dut, db, username,
701 "remediation");
702 else
703 remediation = get_user_field(dut, db, username,
704 "remediation");
Jouni Malinen33f2acf2019-01-10 00:46:00 +0200[diff] [blame]705 if (!remediation && serialno) {
706 char *new_serial;
707
708 /* Certificate reenrollment through subscription
709 * remediation - fetch the new serial number */
710 new_serial = get_eventlog_new_serialno(dut, db,
711 username);
712 if (!new_serial) {
713 /* New SerialNo not known?! */
714 snprintf(resp, sizeof(resp),
715 "RemediationStatus,Remediation Complete,SerialNo,Unknown");
716 break;
717 }
718 snprintf(resp, sizeof(resp),
719 "RemediationStatus,Remediation Complete,SerialNo,%s",
720 new_serial);
721 free(new_serial);
722 break;
723 } else if (remediation && remediation[0] == '\0') {
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]724 snprintf(resp, sizeof(resp),
725 "RemediationStatus,Remediation Complete");
726 break;
727 }
728 }
729
730done:
731 free(remediation);
732 sqlite3_close(db);
733
734 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]735 return STATUS_SENT;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]736}
737
738
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]739static enum sigma_cmd_result
740osu_polupd_status(struct sigma_dut *dut, struct sigma_conn *conn, int timeout,
741 const char *username, const char *serialno)
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]742{
743 sqlite3 *db;
744 char *sql;
745 int i;
746 char resp[500];
747 char name[100];
748 char *policy = NULL;
749 int dmacc = 0;
750
751 if (!username && !serialno)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]752 return INVALID_SEND_STATUS;
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]753 if (!username) {
754 snprintf(name, sizeof(name), "cert-%s", serialno);
755 username = name;
756 }
757
758 if (sqlite3_open(SERVER_DB, &db)) {
759 sigma_dut_print(dut, DUT_MSG_ERROR,
760 "Failed to open SQLite database %s",
761 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]762 return ERROR_SEND_STATUS;
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]763 }
764
765 policy = get_user_field(dut, db, username, "policy");
766 if (!policy) {
767 policy = get_user_dmacc_field(dut, db, username, "policy");
768 dmacc = 1;
769 }
770 if (!policy) {
771 snprintf(resp, sizeof(resp),
772 "PolicyUpdateStatus,User entry not found");
773 goto done;
774 }
775 if (policy[0] == '\0') {
776 snprintf(resp, sizeof(resp),
777 "PolicyUpdateStatus,User was not configured to need policy update");
778 goto done;
779 }
780
781 sql = sqlite3_mprintf("UPDATE users SET polupd_done=0 WHERE %s=%Q",
782 (dmacc ? "osu_user" : "identity"),
783 username);
784 if (!sql) {
785 snprintf(resp, sizeof(resp),
786 "PolicyUpdateStatus,Internal error");
787 goto done;
788 }
789 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
790 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
791 sigma_dut_print(dut, DUT_MSG_ERROR,
792 "SQL operation to fetch user field failed: %s",
793 sqlite3_errmsg(db));
794 sqlite3_free(sql);
795 goto done;
796 }
797 sqlite3_free(sql);
798
799 snprintf(resp, sizeof(resp), "PolicyUpdateStatus,TIMEOUT");
800
801 for (i = 0; i < timeout; i++) {
802 sleep(1);
803 free(policy);
804 if (dmacc)
805 policy = get_user_dmacc_field(dut, db, username,
806 "polupd_done");
807 else
808 policy = get_user_field(dut, db, username,
809 "polupd_done");
810 if (policy && atoi(policy)) {
811 snprintf(resp, sizeof(resp),
812 "PolicyUpdateStatus,UpdateComplete");
813 break;
814 }
815 }
816
817done:
818 free(policy);
819 sqlite3_close(db);
820
821 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]822 return STATUS_SENT;
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]823}
824
825
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]826static enum sigma_cmd_result
827osu_sim_policy_provisioning_status(struct sigma_dut *dut,
828 struct sigma_conn *conn,
829 const char *imsi, int timeout)
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]830{
831 sqlite3 *db;
832 int i;
833 char resp[500];
834 char *id = NULL;
835
836 if (sqlite3_open(SERVER_DB, &db)) {
837 sigma_dut_print(dut, DUT_MSG_ERROR,
838 "Failed to open SQLite database %s",
839 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]840 return INVALID_SEND_STATUS;
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]841 }
842
843 snprintf(resp, sizeof(resp), "PolicyProvisioning,TIMEOUT");
844
845 for (i = 0; i < timeout; i++) {
846 free(id);
847 id = get_user_field(dut, db, imsi, "identity");
848 if (id) {
849 snprintf(resp, sizeof(resp),
850 "PolicyProvisioning,Provisioning Complete");
851 break;
852 }
853 sleep(1);
854 }
855
856 free(id);
857 sqlite3_close(db);
858
859 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]860 return STATUS_SENT;
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]861}
862
863
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]864static enum sigma_cmd_result cmd_server_request_status(struct sigma_dut *dut,
865 struct sigma_conn *conn,
866 struct sigma_cmd *cmd)
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]867{
868 const char *var, *username, *serialno, *imsi, *addr, *status;
869 int osu, timeout;
870 char resp[500];
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]871 enum sigma_program prog;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]872
873 var = get_param(cmd, "Program");
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]874 if (!var) {
875 send_resp(dut, conn, SIGMA_ERROR,
876 "errorCode,Missing program parameter");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]877 return STATUS_SENT;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]878 }
879
880 prog = sigma_program_to_enum(var);
Jouni Malinen9a742ff2022-01-27 00:43:14 +0200[diff] [blame^]881 if (prog != PROGRAM_HS2_R2 && prog != PROGRAM_HS2_R3 &&
882 prog != PROGRAM_HS2_R4) {
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]883 "errorCode,Unsupported program");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]884 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]885 }
886
887 var = get_param(cmd, "Device");
888 if (!var ||
889 (strcasecmp(var, "AAAServer") != 0 &&
890 strcasecmp(var, "OSUServer") != 0)) {
891 send_resp(dut, conn, SIGMA_ERROR,
892 "errorCode,Unsupported device type");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]893 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]894 }
895 osu = strcasecmp(var, "OSUServer") == 0;
896
897 var = get_param(cmd, "Timeout");
898 if (!var) {
899 send_resp(dut, conn, SIGMA_ERROR,
900 "errorCode,Missing timeout");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]901 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]902 }
903 timeout = atoi(var);
904 sigma_dut_print(dut, DUT_MSG_DEBUG, "timeout: %d", timeout);
905
906 username = get_param(cmd, "UserName");
907 if (username)
908 sigma_dut_print(dut, DUT_MSG_DEBUG, "UserName: %s", username);
909 serialno = get_param(cmd, "SerialNo");
910 if (serialno)
911 sigma_dut_print(dut, DUT_MSG_DEBUG, "SerialNo: %s", serialno);
912 imsi = get_param(cmd, "imsi_val");
913 if (imsi)
914 sigma_dut_print(dut, DUT_MSG_DEBUG, "imsi_val: %s", imsi);
915 addr = get_param(cmd, "ClientMACAddr");
916 if (addr)
917 sigma_dut_print(dut, DUT_MSG_DEBUG, "ClientMACAddr: %s", addr);
918 status = get_param(cmd, "Status");
919 if (status)
920 sigma_dut_print(dut, DUT_MSG_DEBUG, "Status: %s", status);
921
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]922 if (osu && status && strcasecmp(status, "Remediation") == 0)
923 return osu_remediation_status(dut, conn, timeout, username,
924 serialno);
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]925
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]926 if (osu && status && strcasecmp(status, "PolicyUpdate") == 0)
927 return osu_polupd_status(dut, conn, timeout, username,
928 serialno);
929
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]930 if (!osu && status && strcasecmp(status, "Authentication") == 0 &&
931 username)
932 return aaa_auth_status(dut, conn, cmd, username, timeout);
933
Jouni Malinen89dfb222018-10-07 16:51:39 +0300[diff] [blame]934 if (!osu && status && strcasecmp(status, "Authentication") == 0 &&
935 serialno) {
936 snprintf(resp, sizeof(resp), "cert-%s", serialno);
937 return aaa_auth_status(dut, conn, cmd, resp, timeout);
938 }
939
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]940 if (osu && status && strcasecmp(status, "OSU") == 0 && addr)
941 return osu_cert_enroll_status(dut, conn, cmd, addr, timeout);
942
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]943 if (osu && status && strcasecmp(status, "PolicyProvisioning") == 0 &&
944 imsi)
945 return osu_sim_policy_provisioning_status(dut, conn, imsi,
946 timeout);
947
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]948 return SUCCESS_SEND_STATUS;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]949}
950
951
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]952static int osu_set_cert_reenroll(struct sigma_dut *dut, const char *serial,
953 int enable)
954{
955 sqlite3 *db;
956 char *sql;
957 char id[100];
958 int ret = -1;
959
960 if (sqlite3_open(SERVER_DB, &db)) {
961 sigma_dut_print(dut, DUT_MSG_ERROR,
962 "Failed to open SQLite database %s",
963 SERVER_DB);
964 return -1;
965 }
966
967 snprintf(id, sizeof(id), "cert-%s", serial);
968 sql = sqlite3_mprintf("UPDATE users SET remediation=%Q WHERE lower(identity)=lower(%Q)",
Jouni Malinen959372f2018-12-04 13:49:45 +0200[diff] [blame]969 enable ? "reenroll" : "", id);
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]970 if (!sql)
971 goto fail;
972 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
973 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
974 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
975 sqlite3_errmsg(db));
976 goto fail;
977 }
978
979 if (sqlite3_changes(db) < 1) {
980 sigma_dut_print(dut, DUT_MSG_ERROR, "No DB rows modified (specified serial number not found)");
981 goto fail;
982 }
983
984 ret = 0;
985fail:
986 sqlite3_close(db);
987
988 return ret;
989}
990
991
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]992static enum sigma_cmd_result cmd_server_set_parameter(struct sigma_dut *dut,
993 struct sigma_conn *conn,
994 struct sigma_cmd *cmd)
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]995{
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]996 const char *var, *root_ca, *inter_ca, *osu_cert, *issuing_arch, *name;
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]997 const char *reenroll, *serial;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]998 int osu, timeout = -1;
999 enum sigma_program prog;
1000
1001 var = get_param(cmd, "Program");
1002 if (!var) {
1003 send_resp(dut, conn, SIGMA_ERROR,
1004 "errorCode,Missing program parameter");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1005 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1006 }
1007
1008 prog = sigma_program_to_enum(var);
Jouni Malinen9a742ff2022-01-27 00:43:14 +0200[diff] [blame^]1009 if (prog != PROGRAM_HS2_R2 && prog != PROGRAM_HS2_R3 &&
1010 prog != PROGRAM_HS2_R4) {
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1011 send_resp(dut, conn, SIGMA_ERROR,
1012 "errorCode,Unsupported program");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1013 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1014 }
1015
1016 var = get_param(cmd, "Device");
1017 if (!var ||
1018 (strcasecmp(var, "AAAServer") != 0 &&
1019 strcasecmp(var, "OSUServer") != 0)) {
1020 send_resp(dut, conn, SIGMA_ERROR,
1021 "errorCode,Unsupported device type");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1022 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1023 }
1024 osu = strcasecmp(var, "OSUServer") == 0;
1025
1026 var = get_param(cmd, "Timeout");
1027 if (var)
1028 timeout = atoi(var);
1029
1030 var = get_param(cmd, "ProvisioningProto");
1031 if (var && strcasecmp(var, "SOAP") != 0) {
1032 send_resp(dut, conn, SIGMA_ERROR,
1033 "errorCode,Unsupported ProvisioningProto");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1034 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1035 }
1036
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1037 reenroll = get_param(cmd, "CertReEnroll");
1038 serial = get_param(cmd, "SerialNo");
1039 if (reenroll && serial) {
1040 int enable;
1041
1042 if (strcasecmp(reenroll, "Enable") == 0) {
1043 enable = 1;
1044 } else if (strcasecmp(reenroll, "Disable") == 0) {
1045 enable = 0;
1046 } else {
1047 send_resp(dut, conn, SIGMA_ERROR,
1048 "errorCode,Invalid CertReEnroll value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1049 return STATUS_SENT;
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1050 }
1051
1052 if (osu_set_cert_reenroll(dut, serial, enable) < 0) {
1053 send_resp(dut, conn, SIGMA_ERROR,
1054 "errorCode,Failed to update certificate reenrollment state");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1055 return STATUS_SENT;
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1056 }
1057 }
1058
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1059 name = get_param(cmd, "Name");
1060 root_ca = get_param(cmd, "TrustRootCACert");
1061 inter_ca = get_param(cmd, "InterCACert");
1062 osu_cert = get_param(cmd, "OSUServerCert");
1063 issuing_arch = get_param(cmd, "Issuing_Arch");
1064
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1065 if (timeout > -1) {
1066 /* TODO */
1067 }
1068
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1069 if (osu && name && root_ca && inter_ca && osu_cert && issuing_arch) {
1070 const char *srv;
1071 char buf[500];
1072 char buf2[500];
1073 int col;
1074
1075 sigma_dut_print(dut, DUT_MSG_DEBUG,
1076 "Update server certificate setup");
1077
1078 if (strcasecmp(name, "ruckus") == 0) {
1079 srv = "RKS";
1080 } else if (strcasecmp(name, "aruba") == 0) {
1081 srv = "ARU";
1082 } else {
1083 send_resp(dut, conn, SIGMA_ERROR,
1084 "errorCode,Unsupported Name value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1085 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1086 }
1087
1088 if (strcasecmp(issuing_arch, "col2") == 0) {
1089 col = 2;
1090 } else if (strcasecmp(issuing_arch, "col4") == 0) {
1091 col = 4;
1092 } else {
1093 send_resp(dut, conn, SIGMA_ERROR,
1094 "errorCode,Unsupported Issuing_Arch value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1095 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1096 }
1097
1098 if (strcasecmp(root_ca, "ID-T") == 0) {
1099 sigma_dut_print(dut, DUT_MSG_DEBUG,
1100 "OSU trust root: NetworkFX");
1101 if (system("cp " CERT_DIR "/IDT-cert-RootCA.pem "
1102 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1103 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1104 } else if (strcasecmp(root_ca, "ID-Y") == 0) {
1105 sigma_dut_print(dut, DUT_MSG_DEBUG,
1106 "OSU trust root: NetworkFX");
1107 if (system("cp " CERT_DIR "/IDY-cert-RootCA.pem "
1108 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1109 return ERROR_SEND_STATUS;
Jouni Malinen2e1ab0f2021-10-08 21:17:14 +0300[diff] [blame]1110 } else if (strcasecmp(root_ca, "ID-K.1") == 0) {
1111 sigma_dut_print(dut, DUT_MSG_DEBUG,
1112 "OSU trust root: Not-trusted");
1113 if (system("cp " CERT_DIR "/IDK1-ca.pem "
1114 CERT_DIR "/cacert.pem") < 0)
1115 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1116 } else {
1117 send_resp(dut, conn, SIGMA_ERROR,
1118 "errorCode,Unsupported TrustRootCACert value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1119 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1120 }
1121
1122 if (strcasecmp(inter_ca, "ID-Z.2") == 0) {
1123 sigma_dut_print(dut, DUT_MSG_DEBUG,
1124 "OSU intermediate CA: NetworkFX (col2)");
1125 if (system("cat " CERT_DIR "/IDZ2-cert-InterCA.pem >> "
1126 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1127 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1128 } else if (strcasecmp(inter_ca, "ID-Z.4") == 0) {
1129 sigma_dut_print(dut, DUT_MSG_DEBUG,
1130 "OSU intermediate CA: DigiCert (col2)");
1131 if (system("cat " CERT_DIR "/IDZ4-cert-InterCA.pem >> "
1132 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1133 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1134 } else if (strcasecmp(inter_ca, "ID-Z.6") == 0) {
1135 sigma_dut_print(dut, DUT_MSG_DEBUG,
1136 "OSU intermediate CA: NetworkFX (col4)");
1137 if (system("cat " CERT_DIR "/IDZ6-cert-InterCA.pem >> "
1138 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1139 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1140 } else if (strcasecmp(inter_ca, "ID-Z.8") == 0) {
1141 sigma_dut_print(dut, DUT_MSG_DEBUG,
1142 "OSU intermediate CA: DigiCert (col4)");
1143 if (system("cat " CERT_DIR "/IDZ8-cert-InterCA.pem >> "
1144 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1145 return ERROR_SEND_STATUS;
Jouni Malinen2e1ab0f2021-10-08 21:17:14 +0300[diff] [blame]1146 } else if (strcasecmp(inter_ca, "ID-K.1") == 0) {
1147 sigma_dut_print(dut, DUT_MSG_DEBUG,
1148 "OSU intermediate CA: Not-trusted");
1149 if (system("cat " CERT_DIR "/IDK1-IntCA.pem >> "
1150 CERT_DIR "/cacert.pem") < 0)
1151 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1152 } else {
1153 send_resp(dut, conn, SIGMA_ERROR,
1154 "errorCode,Unsupported InterCACert value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1155 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1156 }
1157
1158 if (strcasecmp(osu_cert, "ID-Q") == 0) {
1159 sigma_dut_print(dut, DUT_MSG_DEBUG,
1160 "OSU server cert: NetworkFX col%d",
1161 col);
1162 snprintf(buf, sizeof(buf),
1163 "cp " CERT_DIR "/IDQ-cert-c%d-%s.pem "
1164 CERT_DIR "/server.pem",
1165 col, srv);
1166 snprintf(buf2, sizeof(buf2),
1167 "cp " CERT_DIR "/IDQ-key-%s.pem "
1168 CERT_DIR "/server.key", srv);
1169 } else if (strcasecmp(osu_cert, "ID-W") == 0) {
1170 sigma_dut_print(dut, DUT_MSG_DEBUG,
1171 "OSU server cert: DigiCert col%d",
1172 col);
1173 snprintf(buf, sizeof(buf),
1174 "cp " CERT_DIR "/IDW-cert-c%d-%s.pem "
1175 CERT_DIR "/server.pem",
1176 col, srv);
1177 snprintf(buf2, sizeof(buf2),
1178 "cp " CERT_DIR "/IDW-key-%s.pem "
1179 CERT_DIR "/server.key", srv);
Jouni Malinen2e1ab0f2021-10-08 21:17:14 +0300[diff] [blame]1180 } else if (strcasecmp(osu_cert, "ID-K.1") == 0) {
1181 sigma_dut_print(dut, DUT_MSG_DEBUG,
1182 "OSU server cert: Not-trusted");
1183 snprintf(buf, sizeof(buf),
1184 "cp " CERT_DIR "/IDK1-cert-%s.pem "
1185 CERT_DIR "/server.pem",
1186 srv);
1187 snprintf(buf2, sizeof(buf2),
1188 "cp " CERT_DIR "/IDK1-key-%s.pem "
1189 CERT_DIR "/server.key", srv);
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1190 } else if (strcasecmp(osu_cert, "ID-R.2") == 0) {
1191 sigma_dut_print(dut, DUT_MSG_DEBUG,
1192 "OSU server cert: NetworkFX revoked col%d",
1193 col);
1194 snprintf(buf, sizeof(buf),
1195 "cp " CERT_DIR "/IDR2-cert-c%d-%s.pem "
1196 CERT_DIR "/server.pem",
1197 col, srv);
1198 snprintf(buf2, sizeof(buf2),
1199 "cp " CERT_DIR "/IDR2-key-%s.pem "
1200 CERT_DIR "/server.key", srv);
1201 } else if (strcasecmp(osu_cert, "ID-R.4") == 0) {
1202 sigma_dut_print(dut, DUT_MSG_DEBUG,
1203 "OSU server cert: DigiCert revoked col%d",
1204 col);
1205 snprintf(buf, sizeof(buf),
1206 "cp " CERT_DIR "/IDR4-cert-c%d-%s.pem "
1207 CERT_DIR "/server.pem",
1208 col, srv);
1209 snprintf(buf2, sizeof(buf2),
1210 "cp " CERT_DIR "/IDR4-key-%s.pem "
1211 CERT_DIR "/server.key", srv);
1212 } else {
1213 send_resp(dut, conn, SIGMA_ERROR,
1214 "errorCode,Unsupported OSUServerCert value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1215 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1216 }
1217
1218 if (system(buf) < 0 || system(buf2) < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1219 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1220
1221 if (system("service apache2 reload") < 0) {
1222 send_resp(dut, conn, SIGMA_ERROR,
1223 "errorCode,Failed to restart Apache");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1224 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1225 }
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1226 }
1227
1228 /* TODO */
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1229 return SUCCESS_SEND_STATUS;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1230}
1231
1232
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1233void server_register_cmds(void)
1234{
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]1235 sigma_dut_reg_cmd("server_ca_get_version", NULL,
1236 cmd_server_ca_get_version);
1237 sigma_dut_reg_cmd("server_get_info", NULL,
1238 cmd_server_get_info);
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1239 sigma_dut_reg_cmd("server_reset_default", NULL,
1240 cmd_server_reset_default);
1241 sigma_dut_reg_cmd("server_request_status", NULL,
1242 cmd_server_request_status);
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1243 sigma_dut_reg_cmd("server_set_parameter", NULL,
1244 cmd_server_set_parameter);
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1245}