Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / utils / sigma-dut / 0b1be631760945a371f32f75e5f0946c3b33b3bd / . / server.c
blob: c89f59f009a065f12a34ac19465f2f4e644e2dd8 [file] [log] [blame]
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1/*
2 * Sigma Control API DUT (server)
3 * Copyright (c) 2014, Qualcomm Atheros, Inc.
Jouni Malinen2feb9132021-11-16 00:53:06 +0200[diff] [blame]4 * Copyright (c) 2018-2021, The Linux Foundation
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]5 * All Rights Reserved.
6 * Licensed under the Clear BSD license. See README for more details.
7 */
8
9#include "sigma_dut.h"
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]10#include <sqlite3.h>
11
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]12#ifndef ROOT_DIR
13#define ROOT_DIR "/home/user/hs20-server"
14#endif /* ROOT_DIR */
15
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]16#ifndef SERVER_DB
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]17#define SERVER_DB ROOT_DIR "/AS/DB/eap_user.db"
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]18#endif /* SERVER_DB */
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]19
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]20#ifndef CERT_DIR
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]21#define CERT_DIR ROOT_DIR "/certs"
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]22#endif /* CERT_DIR */
23
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]24
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]25static enum sigma_cmd_result cmd_server_ca_get_version(struct sigma_dut *dut,
26 struct sigma_conn *conn,
27 struct sigma_cmd *cmd)
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]28{
Jouni Malinendf866472019-01-23 12:21:47 +0200[diff] [blame]29 send_resp(dut, conn, SIGMA_COMPLETE, "version," SIGMA_DUT_VER);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]30 return STATUS_SENT;
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]31}
32
33
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]34static enum sigma_cmd_result cmd_server_get_info(struct sigma_dut *dut,
35 struct sigma_conn *conn,
36 struct sigma_cmd *cmd)
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]37{
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]38 char ver[128], resp[256];
39
40 get_ver(ROOT_DIR "/spp/hs20_spp_server -v", ver, sizeof(ver));
41
42 snprintf(resp, sizeof(resp), "vendor,OSU,model,OS,version,%s", ver);
43 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]44 return STATUS_SENT;
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]45}
46
47
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]48static int server_reset_user(struct sigma_dut *dut, const char *user)
49{
50 sqlite3 *db;
51 int res = -1;
52 char *sql = NULL;
53 const char *realm = "wi-fi.org";
54 const char *methods = "TTLS-MSCHAPV2";
55 const char *password = "ChangeMe";
56 int phase2 = 1;
57 int machine_managed = 1;
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]58 const char *remediation = "";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]59 int fetch_pps = 0;
60 const char *osu_user = NULL;
61 const char *osu_password = NULL;
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]62 const char *policy = NULL;
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]63
64 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset user %s", user);
65
66 if (sqlite3_open(SERVER_DB, &db)) {
67 sigma_dut_print(dut, DUT_MSG_ERROR,
68 "Failed to open SQLite database %s",
69 SERVER_DB);
70 return -1;
71 }
72
73 if (strcmp(user, "test01") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]74 remediation = "machine";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]75 } else if (strcmp(user, "test02") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]76 remediation = "user";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]77 machine_managed = 0;
78 } else if (strcmp(user, "test03") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]79 /* UpdateInterval-based client trigger for policy update */
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]80 policy = "ruckus130";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]81 } else if (strcmp(user, "test04") == 0) {
82 } else if (strcmp(user, "test05") == 0) {
83 } else if (strcmp(user, "test06") == 0) {
84 realm = "example.com";
85 } else if (strcmp(user, "test07") == 0) {
86 } else if (strcmp(user, "test08") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]87 remediation = "machine";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]88 osu_user = "testdmacc08";
89 osu_password = "P@ssw0rd";
90 } else if (strcmp(user, "test09") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]91 /* UpdateInterval-based client trigger for policy update */
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]92 policy = "ruckus130";
Jouni Malinen364c0812018-10-15 10:37:47 +0300[diff] [blame]93 osu_user = "testdmacc09";
94 osu_password = "P@ssw0rd";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]95 } else if (strcmp(user, "test10") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]96 remediation = "machine";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]97 methods = "TLS";
98 } else if (strcmp(user, "test11") == 0) {
99 } else if (strcmp(user, "test12") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]100 remediation = "user";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]101 methods = "TLS";
102 } else if (strcmp(user, "test20") == 0) {
103 } else if (strcmp(user, "test26") == 0) {
104 /* TODO: Cred01 with username/password? */
105 user = "1310026000000001";
106 methods = "SIM";
107 } else if (strcmp(user, "test30") == 0) {
108 osu_user = "testdmacc30";
109 osu_password = "P@ssw0rd";
110 } else if (strcmp(user, "test31") == 0) {
111 osu_user = "testdmacc31";
112 osu_password = "P@ssw0rd";
113 } else if (strcmp(user, "test32") == 0) {
114 osu_user = "testdmacc32";
115 osu_password = "P@ssw0rd";
116 } else if (strcmp(user, "test33") == 0) {
117 osu_user = "testdmacc33";
118 osu_password = "P@ssw0rd";
119 } else if (strcmp(user, "test34") == 0) {
120 osu_user = "testdmacc34";
121 osu_password = "P@ssw0rd";
122 } else if (strcmp(user, "test35") == 0) {
123 osu_user = "testdmacc35";
124 osu_password = "P@ssw0rd";
125 } else if (strcmp(user, "test36") == 0) {
126 } else if (strcmp(user, "test37") == 0) {
127 osu_user = "testdmacc37";
128 osu_password = "P@ssw0rd";
Jouni Malinen364c0812018-10-15 10:37:47 +0300[diff] [blame]129 } else if (strcmp(user, "testdmacc08") == 0 ||
130 strcmp(user, "testdmacc09") == 0) {
131 /* No need to set anything separate for testdmacc* users */
132 sqlite3_close(db);
133 return 0;
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]134 } else {
135 sigma_dut_print(dut, DUT_MSG_INFO, "Unsupported username '%s'",
136 user);
137 goto fail;
138 }
139
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]140 sql = sqlite3_mprintf("INSERT OR REPLACE INTO users(identity,realm,methods,password,phase2,machine_managed,remediation,fetch_pps,osu_user,osu_password,policy) VALUES (%Q,%Q,%Q,%Q,%d,%d,%Q,%d,%Q,%Q,%Q)",
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]141 user, realm, methods, password,
142 phase2, machine_managed, remediation, fetch_pps,
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]143 osu_user, osu_password, policy);
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]144
145 if (!sql)
146 goto fail;
147
148 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
149
150 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
151 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
152 sqlite3_errmsg(db));
153 } else {
154 res = 0;
155 }
156
157 sqlite3_free(sql);
158
159fail:
160 sqlite3_close(db);
161
162 return res;
163}
164
165
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]166static int server_reset_serial(struct sigma_dut *dut, const char *serial)
167{
168 sqlite3 *db;
169 int res = -1;
170 char *sql = NULL;
171 const char *realm = "wi-fi.org";
172 const char *methods = "TLS";
173 int phase2 = 0;
174 int machine_managed = 1;
175 const char *remediation = "";
176 int fetch_pps = 0;
177 const char *osu_user = NULL;
178 const char *osu_password = NULL;
179 const char *policy = NULL;
180 char user[128];
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]181 const char *cert = "";
182 const char *subrem = "";
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]183
184 snprintf(user, sizeof(user), "cert-%s", serial);
185 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset user %s (serial number: %s)",
186 user, serial);
187
188 if (sqlite3_open(SERVER_DB, &db)) {
189 sigma_dut_print(dut, DUT_MSG_ERROR,
190 "Failed to open SQLite database %s",
191 SERVER_DB);
192 return -1;
193 }
194
195 if (strcmp(serial, "1046") == 0) {
196 remediation = "machine";
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]197 cert = "3786eb9ef44778fe8048f9fa6f8c3e611f2dbdd15f239fa93edcc417debefa5a";
198 subrem = "homeoi";
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]199 } else if (strcmp(serial, "1047") == 0) {
200 remediation = "user";
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]201 cert = "55cd0af162f2fb6de5b9481e37a0b0887f42e477ab09586b0c10f24b269b893f";
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]202 } else {
203 sigma_dut_print(dut, DUT_MSG_INFO,
204 "Unsupported serial number '%s'", serial);
205 goto fail;
206 }
207
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]208 sql = sqlite3_mprintf("INSERT OR REPLACE INTO users(identity,realm,methods,phase2,machine_managed,remediation,fetch_pps,osu_user,osu_password,policy,cert,subrem) VALUES (%Q,%Q,%Q,%d,%d,%Q,%d,%Q,%Q,%Q,%Q,%Q)",
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]209 user, realm, methods,
210 phase2, machine_managed, remediation, fetch_pps,
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]211 osu_user, osu_password, policy, cert, subrem);
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]212
213 if (!sql)
214 goto fail;
215
216 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
217
218 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
219 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
220 sqlite3_errmsg(db));
221 } else {
222 res = 0;
223 }
224
225 sqlite3_free(sql);
226
227fail:
228 sqlite3_close(db);
229
230 return res;
231}
232
233
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]234static int server_reset_cert_enroll(struct sigma_dut *dut, const char *addr)
235{
236 sqlite3 *db;
237 char *sql;
238
239 sigma_dut_print(dut, DUT_MSG_DEBUG,
240 "Reset certificate enrollment status for %s", addr);
241
242 if (sqlite3_open(SERVER_DB, &db)) {
243 sigma_dut_print(dut, DUT_MSG_ERROR,
244 "Failed to open SQLite database %s",
245 SERVER_DB);
246 return -1;
247 }
248 sql = sqlite3_mprintf("DELETE FROM cert_enroll WHERE mac_addr=%Q",
249 addr);
250 if (!sql) {
251 sqlite3_close(db);
252 return -1;
253 }
254 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
255
256 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
257 sigma_dut_print(dut, DUT_MSG_ERROR,
258 "SQL operation failed: %s",
259 sqlite3_errmsg(db));
260 sqlite3_free(sql);
261 sqlite3_close(db);
262 return -1;
263 }
264
265 sqlite3_free(sql);
266 sqlite3_close(db);
267
268 return 0;
269}
270
271
Jouni Malinen4ec26fe2018-12-16 17:43:25 +0200[diff] [blame]272static int server_reset_imsi(struct sigma_dut *dut, const char *imsi)
273{
274 sqlite3 *db;
275 char *sql;
276
277 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset policy provisioning for %s",
278 imsi);
279
280 if (sqlite3_open(SERVER_DB, &db)) {
281 sigma_dut_print(dut, DUT_MSG_ERROR,
282 "Failed to open SQLite database %s",
283 SERVER_DB);
284 return -1;
285 }
286 sql = sqlite3_mprintf("DELETE FROM users WHERE identity=%Q", imsi);
287 if (!sql) {
288 sqlite3_close(db);
289 return -1;
290 }
291 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
292
293 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
294 sigma_dut_print(dut, DUT_MSG_ERROR,
295 "SQL operation failed: %s",
296 sqlite3_errmsg(db));
297 sqlite3_free(sql);
298 sqlite3_close(db);
299 return -1;
300 }
301
302 sqlite3_free(sql);
303 sqlite3_close(db);
304
305 return 0;
306}
307
308
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]309static enum sigma_cmd_result cmd_server_reset_default(struct sigma_dut *dut,
310 struct sigma_conn *conn,
311 struct sigma_cmd *cmd)
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]312{
313 const char *var;
Jouni Malinen94d7b122018-09-04 13:16:41 +0300[diff] [blame]314 enum sigma_program prog;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]315
316 var = get_param(cmd, "Program");
Jouni Malinen94d7b122018-09-04 13:16:41 +0300[diff] [blame]317 if (!var) {
318 send_resp(dut, conn, SIGMA_ERROR,
319 "errorCode,Missing program parameter");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]320 return STATUS_SENT;
Jouni Malinen94d7b122018-09-04 13:16:41 +0300[diff] [blame]321 }
322
323 prog = sigma_program_to_enum(var);
Jouni Malinen9a742ff2022-01-27 00:43:14 +0200[diff] [blame]324 if (prog != PROGRAM_HS2_R2 && prog != PROGRAM_HS2_R3 &&
325 prog != PROGRAM_HS2_R4) {
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]326 send_resp(dut, conn, SIGMA_ERROR,
327 "errorCode,Unsupported program");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]328 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]329 }
330
331 var = get_param(cmd, "UserName");
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]332 if (var && server_reset_user(dut, var) < 0) {
333 send_resp(dut, conn, SIGMA_ERROR,
334 "errorCode,Failed to reset user account to defaults");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]335 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]336 }
337
338 var = get_param(cmd, "SerialNo");
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]339 if (var && server_reset_serial(dut, var)) {
340 send_resp(dut, conn, SIGMA_ERROR,
341 "errorCode,Failed to reset user account to defaults");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]342 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]343 }
344
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]345 var = get_param(cmd, "ClientMACAddr");
346 if (var && server_reset_cert_enroll(dut, var) < 0) {
347 send_resp(dut, conn, SIGMA_ERROR,
348 "errorCode,Failed to reset cert enroll to defaults");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]349 return STATUS_SENT;
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]350 }
351
Jouni Malinen4ec26fe2018-12-16 17:43:25 +0200[diff] [blame]352 var = get_param(cmd, "imsi_val");
353 if (var && server_reset_imsi(dut, var) < 0) {
354 send_resp(dut, conn, SIGMA_ERROR,
355 "errorCode,Failed to reset IMSI/SIM user");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]356 return STATUS_SENT;
Jouni Malinen4ec26fe2018-12-16 17:43:25 +0200[diff] [blame]357 }
358
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]359 return SUCCESS_SEND_STATUS;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]360}
361
362
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]363static int get_last_msk_cb(void *ctx, int argc, char *argv[], char *col[])
364{
365 char **last_msk = ctx;
366
367 if (argc < 1 || !argv[0])
368 return 0;
369
370 free(*last_msk);
371 *last_msk = strdup(argv[0]);
372
373 return 0;
374}
375
376
377static char * get_last_msk(struct sigma_dut *dut, sqlite3 *db,
378 const char *username)
379{
380 char *sql, *last_msk = NULL;
381
382 sql = sqlite3_mprintf("SELECT last_msk FROM users WHERE identity=%Q",
383 username);
384 if (!sql)
385 return NULL;
386
387 if (sqlite3_exec(db, sql, get_last_msk_cb, &last_msk, NULL) !=
388 SQLITE_OK) {
389 sigma_dut_print(dut, DUT_MSG_ERROR,
390 "SQL operation to fetch last_msk failed: %s",
391 sqlite3_errmsg(db));
392 sqlite3_free(sql);
393 return NULL;
394 }
395
396 sqlite3_free(sql);
397
398 return last_msk;
399}
400
401
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]402static enum sigma_cmd_result
403aaa_auth_status(struct sigma_dut *dut, struct sigma_conn *conn,
404 struct sigma_cmd *cmd, const char *username, int timeout)
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]405{
406 sqlite3 *db;
407 char *sql = NULL;
408 int i;
409 char resp[500];
410
411 if (sqlite3_open(SERVER_DB, &db)) {
412 sigma_dut_print(dut, DUT_MSG_ERROR,
413 "Failed to open SQLite database %s",
414 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]415 return INVALID_SEND_STATUS;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]416 }
417
418 sql = sqlite3_mprintf("UPDATE users SET last_msk=NULL WHERE identity=%Q",
419 username);
420 if (!sql) {
421 sqlite3_close(db);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]422 return ERROR_SEND_STATUS;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]423 }
424
425 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
426 sigma_dut_print(dut, DUT_MSG_ERROR,
427 "SQL operation to clear last_msk failed: %s",
428 sqlite3_errmsg(db));
429 sqlite3_free(sql);
430 sqlite3_close(db);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]431 return ERROR_SEND_STATUS;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]432 }
433
434 sqlite3_free(sql);
435
Jouni Malinen89dfb222018-10-07 16:51:39 +0300[diff] [blame]436 if (sqlite3_changes(db) < 1) {
437 sigma_dut_print(dut, DUT_MSG_ERROR,
438 "No DB rows modified (specified user not found)");
439 sqlite3_close(db);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]440 return ERROR_SEND_STATUS;
Jouni Malinen89dfb222018-10-07 16:51:39 +0300[diff] [blame]441 }
442
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]443 snprintf(resp, sizeof(resp), "AuthStatus,TIMEOUT,MSK,NULL");
444
445 for (i = 0; i < timeout; i++) {
446 char *last_msk;
447
448 last_msk = get_last_msk(dut, db, username);
449 if (last_msk) {
450 if (strcmp(last_msk, "FAIL") == 0) {
451 snprintf(resp, sizeof(resp),
452 "AuthStatus,FAIL,MSK,NULL");
453 } else {
454 snprintf(resp, sizeof(resp),
455 "AuthStatus,SUCCESS,MSK,%s", last_msk);
456 }
457 free(last_msk);
458 break;
459 }
460 sleep(1);
461 }
462
463 sqlite3_close(db);
464
465 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]466 return STATUS_SENT;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]467}
468
469
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]470static int get_last_serial_cb(void *ctx, int argc, char *argv[], char *col[])
471{
472 char **last_serial = ctx;
473
474 if (argc < 1 || !argv[0])
475 return 0;
476
477 free(*last_serial);
478 *last_serial = strdup(argv[0]);
479
480 return 0;
481}
482
483
484static char * get_last_serial(struct sigma_dut *dut, sqlite3 *db,
485 const char *addr)
486{
487 char *sql, *last_serial = NULL;
488
489 sql = sqlite3_mprintf("SELECT serialnum FROM cert_enroll WHERE mac_addr=%Q",
490 addr);
491 if (!sql)
492 return NULL;
493 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
494
495 if (sqlite3_exec(db, sql, get_last_serial_cb, &last_serial, NULL) !=
496 SQLITE_OK) {
497 sigma_dut_print(dut, DUT_MSG_ERROR,
498 "SQL operation to fetch last_serial failed: %s",
499 sqlite3_errmsg(db));
500 sqlite3_free(sql);
501 return NULL;
502 }
503
504 sqlite3_free(sql);
505
506 return last_serial;
507}
508
509
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]510static enum sigma_cmd_result
511osu_cert_enroll_status(struct sigma_dut *dut, struct sigma_conn *conn,
512 struct sigma_cmd *cmd, const char *addr, int timeout)
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]513{
514 sqlite3 *db;
515 int i;
516 char resp[500];
517
518 if (sqlite3_open(SERVER_DB, &db)) {
519 sigma_dut_print(dut, DUT_MSG_ERROR,
520 "Failed to open SQLite database %s",
521 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]522 return INVALID_SEND_STATUS;
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]523 }
524
525 snprintf(resp, sizeof(resp), "OSUStatus,TIMEOUT");
526
527 for (i = 0; i < timeout; i++) {
528 char *last_serial;
529
530 last_serial = get_last_serial(dut, db, addr);
531 if (last_serial) {
532 if (strcmp(last_serial, "FAIL") == 0) {
533 snprintf(resp, sizeof(resp),
534 "OSUStatus,FAIL");
535 } else if (strlen(last_serial) > 0) {
536 snprintf(resp, sizeof(resp),
537 "OSUStatus,SUCCESS,SerialNo,%s",
538 last_serial);
539 }
540 free(last_serial);
541 break;
542 }
543 sleep(1);
544 }
545
546 sqlite3_close(db);
547
548 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]549 return STATUS_SENT;
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]550}
551
552
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]553static int get_user_field_cb(void *ctx, int argc, char *argv[], char *col[])
554{
555 char **val = ctx;
556
557 if (argc < 1 || !argv[0])
558 return 0;
559
560 free(*val);
561 *val = strdup(argv[0]);
562
563 return 0;
564}
565
566
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]567static char * get_user_field_helper(struct sigma_dut *dut, sqlite3 *db,
568 const char *id_field,
569 const char *identity, const char *field)
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]570{
571 char *sql, *val = NULL;
572
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]573 sql = sqlite3_mprintf("SELECT %s FROM users WHERE %s=%Q",
574 field, id_field, identity);
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]575 if (!sql)
576 return NULL;
577 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
578
579 if (sqlite3_exec(db, sql, get_user_field_cb, &val, NULL) != SQLITE_OK) {
580 sigma_dut_print(dut, DUT_MSG_ERROR,
581 "SQL operation to fetch user field failed: %s",
582 sqlite3_errmsg(db));
583 sqlite3_free(sql);
584 return NULL;
585 }
586
587 sqlite3_free(sql);
588
589 return val;
590}
591
592
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]593static char * get_user_field(struct sigma_dut *dut, sqlite3 *db,
594 const char *identity, const char *field)
595{
596 return get_user_field_helper(dut, db, "identity", identity, field);
597}
598
599
600static char * get_user_dmacc_field(struct sigma_dut *dut, sqlite3 *db,
601 const char *identity, const char *field)
602{
603 return get_user_field_helper(dut, db, "osu_user", identity, field);
604}
605
606
Jouni Malinen33f2acf2019-01-10 00:46:00 +0200[diff] [blame]607static int get_eventlog_new_serialno_cb(void *ctx, int argc, char *argv[],
608 char *col[])
609{
610 char **serialno = ctx;
611 char *val;
612
613 if (argc < 1 || !argv[0])
614 return 0;
615
616 val = argv[0];
617 if (strncmp(val, "renamed user to: cert-", 22) != 0)
618 return 0;
619 val += 22;
620 free(*serialno);
621 *serialno = strdup(val);
622
623 return 0;
624}
625
626
627static char * get_eventlog_new_serialno(struct sigma_dut *dut, sqlite3 *db,
628 const char *username)
629{
630 char *sql, *serial = NULL;
631
632 sql = sqlite3_mprintf("SELECT notes FROM eventlog WHERE user=%Q AND notes LIKE %Q",
633 username, "renamed user to:%");
634 if (!sql)
635 return NULL;
636
637 if (sqlite3_exec(db, sql, get_eventlog_new_serialno_cb, &serial,
638 NULL) != SQLITE_OK) {
639 sigma_dut_print(dut, DUT_MSG_ERROR,
640 "SQL operation to fetch new serialno failed: %s",
641 sqlite3_errmsg(db));
642 sqlite3_free(sql);
643 return NULL;
644 }
645
646 sqlite3_free(sql);
647
648 return serial;
649}
650
651
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]652static enum sigma_cmd_result
653osu_remediation_status(struct sigma_dut *dut, struct sigma_conn *conn,
654 int timeout, const char *username, const char *serialno)
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]655{
656 sqlite3 *db;
657 int i;
658 char resp[500];
659 char name[100];
660 char *remediation = NULL;
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]661 int dmacc = 0;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]662
663 if (!username && !serialno)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]664 return INVALID_SEND_STATUS;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]665 if (!username) {
666 snprintf(name, sizeof(name), "cert-%s", serialno);
667 username = name;
668 }
669
670 if (sqlite3_open(SERVER_DB, &db)) {
671 sigma_dut_print(dut, DUT_MSG_ERROR,
672 "Failed to open SQLite database %s",
673 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]674 return ERROR_SEND_STATUS;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]675 }
676
677 remediation = get_user_field(dut, db, username, "remediation");
678 if (!remediation) {
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]679 remediation = get_user_dmacc_field(dut, db, username,
680 "remediation");
681 dmacc = 1;
682 }
683 if (!remediation) {
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]684 snprintf(resp, sizeof(resp),
685 "RemediationStatus,User entry not found");
686 goto done;
687 }
688 if (remediation[0] == '\0') {
689 snprintf(resp, sizeof(resp),
690 "RemediationStatus,User was not configured to need remediation");
691 goto done;
692 }
693
694 snprintf(resp, sizeof(resp), "RemediationStatus,TIMEOUT");
695
696 for (i = 0; i < timeout; i++) {
697 sleep(1);
698 free(remediation);
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]699 if (dmacc)
700 remediation = get_user_dmacc_field(dut, db, username,
701 "remediation");
702 else
703 remediation = get_user_field(dut, db, username,
704 "remediation");
Jouni Malinen33f2acf2019-01-10 00:46:00 +0200[diff] [blame]705 if (!remediation && serialno) {
706 char *new_serial;
707
708 /* Certificate reenrollment through subscription
709 * remediation - fetch the new serial number */
710 new_serial = get_eventlog_new_serialno(dut, db,
711 username);
712 if (!new_serial) {
713 /* New SerialNo not known?! */
714 snprintf(resp, sizeof(resp),
715 "RemediationStatus,Remediation Complete,SerialNo,Unknown");
716 break;
717 }
718 snprintf(resp, sizeof(resp),
719 "RemediationStatus,Remediation Complete,SerialNo,%s",
720 new_serial);
721 free(new_serial);
722 break;
723 } else if (remediation && remediation[0] == '\0') {
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]724 snprintf(resp, sizeof(resp),
725 "RemediationStatus,Remediation Complete");
726 break;
727 }
728 }
729
730done:
731 free(remediation);
732 sqlite3_close(db);
733
734 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]735 return STATUS_SENT;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]736}
737
738
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]739static enum sigma_cmd_result
740osu_polupd_status(struct sigma_dut *dut, struct sigma_conn *conn, int timeout,
741 const char *username, const char *serialno)
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]742{
743 sqlite3 *db;
744 char *sql;
745 int i;
746 char resp[500];
747 char name[100];
748 char *policy = NULL;
749 int dmacc = 0;
750
751 if (!username && !serialno)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]752 return INVALID_SEND_STATUS;
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]753 if (!username) {
754 snprintf(name, sizeof(name), "cert-%s", serialno);
755 username = name;
756 }
757
758 if (sqlite3_open(SERVER_DB, &db)) {
759 sigma_dut_print(dut, DUT_MSG_ERROR,
760 "Failed to open SQLite database %s",
761 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]762 return ERROR_SEND_STATUS;
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]763 }
764
765 policy = get_user_field(dut, db, username, "policy");
766 if (!policy) {
767 policy = get_user_dmacc_field(dut, db, username, "policy");
768 dmacc = 1;
769 }
770 if (!policy) {
771 snprintf(resp, sizeof(resp),
772 "PolicyUpdateStatus,User entry not found");
773 goto done;
774 }
775 if (policy[0] == '\0') {
776 snprintf(resp, sizeof(resp),
777 "PolicyUpdateStatus,User was not configured to need policy update");
778 goto done;
779 }
780
781 sql = sqlite3_mprintf("UPDATE users SET polupd_done=0 WHERE %s=%Q",
782 (dmacc ? "osu_user" : "identity"),
783 username);
784 if (!sql) {
785 snprintf(resp, sizeof(resp),
786 "PolicyUpdateStatus,Internal error");
787 goto done;
788 }
789 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
790 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
791 sigma_dut_print(dut, DUT_MSG_ERROR,
792 "SQL operation to fetch user field failed: %s",
793 sqlite3_errmsg(db));
794 sqlite3_free(sql);
795 goto done;
796 }
797 sqlite3_free(sql);
798
799 snprintf(resp, sizeof(resp), "PolicyUpdateStatus,TIMEOUT");
800
801 for (i = 0; i < timeout; i++) {
802 sleep(1);
803 free(policy);
804 if (dmacc)
805 policy = get_user_dmacc_field(dut, db, username,
806 "polupd_done");
807 else
808 policy = get_user_field(dut, db, username,
809 "polupd_done");
810 if (policy && atoi(policy)) {
811 snprintf(resp, sizeof(resp),
812 "PolicyUpdateStatus,UpdateComplete");
813 break;
814 }
815 }
816
817done:
818 free(policy);
819 sqlite3_close(db);
820
821 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]822 return STATUS_SENT;
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]823}
824
825
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]826static enum sigma_cmd_result
827osu_sim_policy_provisioning_status(struct sigma_dut *dut,
828 struct sigma_conn *conn,
829 const char *imsi, int timeout)
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]830{
831 sqlite3 *db;
832 int i;
833 char resp[500];
834 char *id = NULL;
835
836 if (sqlite3_open(SERVER_DB, &db)) {
837 sigma_dut_print(dut, DUT_MSG_ERROR,
838 "Failed to open SQLite database %s",
839 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]840 return INVALID_SEND_STATUS;
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]841 }
842
843 snprintf(resp, sizeof(resp), "PolicyProvisioning,TIMEOUT");
844
845 for (i = 0; i < timeout; i++) {
846 free(id);
847 id = get_user_field(dut, db, imsi, "identity");
848 if (id) {
849 snprintf(resp, sizeof(resp),
850 "PolicyProvisioning,Provisioning Complete");
851 break;
852 }
853 sleep(1);
854 }
855
856 free(id);
857 sqlite3_close(db);
858
859 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]860 return STATUS_SENT;
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]861}
862
863
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]864static enum sigma_cmd_result cmd_server_request_status(struct sigma_dut *dut,
865 struct sigma_conn *conn,
866 struct sigma_cmd *cmd)
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]867{
868 const char *var, *username, *serialno, *imsi, *addr, *status;
869 int osu, timeout;
870 char resp[500];
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]871 enum sigma_program prog;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]872
873 var = get_param(cmd, "Program");
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]874 if (!var) {
875 send_resp(dut, conn, SIGMA_ERROR,
876 "errorCode,Missing program parameter");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]877 return STATUS_SENT;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]878 }
879
880 prog = sigma_program_to_enum(var);
Jouni Malinen9a742ff2022-01-27 00:43:14 +0200[diff] [blame]881 if (prog != PROGRAM_HS2_R2 && prog != PROGRAM_HS2_R3 &&
882 prog != PROGRAM_HS2_R4) {
Jouni Malinen0b1be632022-05-16 20:02:13 +0300[diff] [blame^]883 send_resp(dut, conn, SIGMA_ERROR,
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]884 "errorCode,Unsupported program");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]885 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]886 }
887
888 var = get_param(cmd, "Device");
889 if (!var ||
890 (strcasecmp(var, "AAAServer") != 0 &&
891 strcasecmp(var, "OSUServer") != 0)) {
892 send_resp(dut, conn, SIGMA_ERROR,
893 "errorCode,Unsupported device type");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]894 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]895 }
896 osu = strcasecmp(var, "OSUServer") == 0;
897
898 var = get_param(cmd, "Timeout");
899 if (!var) {
900 send_resp(dut, conn, SIGMA_ERROR,
901 "errorCode,Missing timeout");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]902 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]903 }
904 timeout = atoi(var);
905 sigma_dut_print(dut, DUT_MSG_DEBUG, "timeout: %d", timeout);
906
907 username = get_param(cmd, "UserName");
908 if (username)
909 sigma_dut_print(dut, DUT_MSG_DEBUG, "UserName: %s", username);
910 serialno = get_param(cmd, "SerialNo");
911 if (serialno)
912 sigma_dut_print(dut, DUT_MSG_DEBUG, "SerialNo: %s", serialno);
913 imsi = get_param(cmd, "imsi_val");
914 if (imsi)
915 sigma_dut_print(dut, DUT_MSG_DEBUG, "imsi_val: %s", imsi);
916 addr = get_param(cmd, "ClientMACAddr");
917 if (addr)
918 sigma_dut_print(dut, DUT_MSG_DEBUG, "ClientMACAddr: %s", addr);
919 status = get_param(cmd, "Status");
920 if (status)
921 sigma_dut_print(dut, DUT_MSG_DEBUG, "Status: %s", status);
922
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]923 if (osu && status && strcasecmp(status, "Remediation") == 0)
924 return osu_remediation_status(dut, conn, timeout, username,
925 serialno);
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]926
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]927 if (osu && status && strcasecmp(status, "PolicyUpdate") == 0)
928 return osu_polupd_status(dut, conn, timeout, username,
929 serialno);
930
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]931 if (!osu && status && strcasecmp(status, "Authentication") == 0 &&
932 username)
933 return aaa_auth_status(dut, conn, cmd, username, timeout);
934
Jouni Malinen89dfb222018-10-07 16:51:39 +0300[diff] [blame]935 if (!osu && status && strcasecmp(status, "Authentication") == 0 &&
936 serialno) {
937 snprintf(resp, sizeof(resp), "cert-%s", serialno);
938 return aaa_auth_status(dut, conn, cmd, resp, timeout);
939 }
940
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]941 if (osu && status && strcasecmp(status, "OSU") == 0 && addr)
942 return osu_cert_enroll_status(dut, conn, cmd, addr, timeout);
943
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]944 if (osu && status && strcasecmp(status, "PolicyProvisioning") == 0 &&
945 imsi)
946 return osu_sim_policy_provisioning_status(dut, conn, imsi,
947 timeout);
948
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]949 return SUCCESS_SEND_STATUS;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]950}
951
952
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]953static int osu_set_cert_reenroll(struct sigma_dut *dut, const char *serial,
954 int enable)
955{
956 sqlite3 *db;
957 char *sql;
958 char id[100];
959 int ret = -1;
960
961 if (sqlite3_open(SERVER_DB, &db)) {
962 sigma_dut_print(dut, DUT_MSG_ERROR,
963 "Failed to open SQLite database %s",
964 SERVER_DB);
965 return -1;
966 }
967
968 snprintf(id, sizeof(id), "cert-%s", serial);
969 sql = sqlite3_mprintf("UPDATE users SET remediation=%Q WHERE lower(identity)=lower(%Q)",
Jouni Malinen959372f2018-12-04 13:49:45 +0200[diff] [blame]970 enable ? "reenroll" : "", id);
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]971 if (!sql)
972 goto fail;
973 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
974 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
975 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
976 sqlite3_errmsg(db));
977 goto fail;
978 }
979
980 if (sqlite3_changes(db) < 1) {
981 sigma_dut_print(dut, DUT_MSG_ERROR, "No DB rows modified (specified serial number not found)");
982 goto fail;
983 }
984
985 ret = 0;
986fail:
987 sqlite3_close(db);
988
989 return ret;
990}
991
992
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]993static enum sigma_cmd_result cmd_server_set_parameter(struct sigma_dut *dut,
994 struct sigma_conn *conn,
995 struct sigma_cmd *cmd)
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]996{
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]997 const char *var, *root_ca, *inter_ca, *osu_cert, *issuing_arch, *name;
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]998 const char *reenroll, *serial;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]999 int osu, timeout = -1;
1000 enum sigma_program prog;
1001
1002 var = get_param(cmd, "Program");
1003 if (!var) {
1004 send_resp(dut, conn, SIGMA_ERROR,
1005 "errorCode,Missing program parameter");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1006 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1007 }
1008
1009 prog = sigma_program_to_enum(var);
Jouni Malinen9a742ff2022-01-27 00:43:14 +0200[diff] [blame]1010 if (prog != PROGRAM_HS2_R2 && prog != PROGRAM_HS2_R3 &&
1011 prog != PROGRAM_HS2_R4) {
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1012 send_resp(dut, conn, SIGMA_ERROR,
1013 "errorCode,Unsupported program");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1014 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1015 }
1016
1017 var = get_param(cmd, "Device");
1018 if (!var ||
1019 (strcasecmp(var, "AAAServer") != 0 &&
1020 strcasecmp(var, "OSUServer") != 0)) {
1021 send_resp(dut, conn, SIGMA_ERROR,
1022 "errorCode,Unsupported device type");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1023 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1024 }
1025 osu = strcasecmp(var, "OSUServer") == 0;
1026
1027 var = get_param(cmd, "Timeout");
1028 if (var)
1029 timeout = atoi(var);
1030
1031 var = get_param(cmd, "ProvisioningProto");
1032 if (var && strcasecmp(var, "SOAP") != 0) {
1033 send_resp(dut, conn, SIGMA_ERROR,
1034 "errorCode,Unsupported ProvisioningProto");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1035 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1036 }
1037
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1038 reenroll = get_param(cmd, "CertReEnroll");
1039 serial = get_param(cmd, "SerialNo");
1040 if (reenroll && serial) {
1041 int enable;
1042
1043 if (strcasecmp(reenroll, "Enable") == 0) {
1044 enable = 1;
1045 } else if (strcasecmp(reenroll, "Disable") == 0) {
1046 enable = 0;
1047 } else {
1048 send_resp(dut, conn, SIGMA_ERROR,
1049 "errorCode,Invalid CertReEnroll value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1050 return STATUS_SENT;
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1051 }
1052
1053 if (osu_set_cert_reenroll(dut, serial, enable) < 0) {
1054 send_resp(dut, conn, SIGMA_ERROR,
1055 "errorCode,Failed to update certificate reenrollment state");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1056 return STATUS_SENT;
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1057 }
1058 }
1059
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1060 name = get_param(cmd, "Name");
1061 root_ca = get_param(cmd, "TrustRootCACert");
1062 inter_ca = get_param(cmd, "InterCACert");
1063 osu_cert = get_param(cmd, "OSUServerCert");
1064 issuing_arch = get_param(cmd, "Issuing_Arch");
1065
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1066 if (timeout > -1) {
1067 /* TODO */
1068 }
1069
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1070 if (osu && name && root_ca && inter_ca && osu_cert && issuing_arch) {
1071 const char *srv;
1072 char buf[500];
1073 char buf2[500];
1074 int col;
1075
1076 sigma_dut_print(dut, DUT_MSG_DEBUG,
1077 "Update server certificate setup");
1078
1079 if (strcasecmp(name, "ruckus") == 0) {
1080 srv = "RKS";
1081 } else if (strcasecmp(name, "aruba") == 0) {
1082 srv = "ARU";
1083 } else {
1084 send_resp(dut, conn, SIGMA_ERROR,
1085 "errorCode,Unsupported Name value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1086 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1087 }
1088
1089 if (strcasecmp(issuing_arch, "col2") == 0) {
1090 col = 2;
1091 } else if (strcasecmp(issuing_arch, "col4") == 0) {
1092 col = 4;
1093 } else {
1094 send_resp(dut, conn, SIGMA_ERROR,
1095 "errorCode,Unsupported Issuing_Arch value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1096 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1097 }
1098
1099 if (strcasecmp(root_ca, "ID-T") == 0) {
1100 sigma_dut_print(dut, DUT_MSG_DEBUG,
1101 "OSU trust root: NetworkFX");
1102 if (system("cp " CERT_DIR "/IDT-cert-RootCA.pem "
1103 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1104 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1105 } else if (strcasecmp(root_ca, "ID-Y") == 0) {
1106 sigma_dut_print(dut, DUT_MSG_DEBUG,
1107 "OSU trust root: NetworkFX");
1108 if (system("cp " CERT_DIR "/IDY-cert-RootCA.pem "
1109 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1110 return ERROR_SEND_STATUS;
Jouni Malinen2e1ab0f2021-10-08 21:17:14 +0300[diff] [blame]1111 } else if (strcasecmp(root_ca, "ID-K.1") == 0) {
1112 sigma_dut_print(dut, DUT_MSG_DEBUG,
1113 "OSU trust root: Not-trusted");
1114 if (system("cp " CERT_DIR "/IDK1-ca.pem "
1115 CERT_DIR "/cacert.pem") < 0)
1116 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1117 } else {
1118 send_resp(dut, conn, SIGMA_ERROR,
1119 "errorCode,Unsupported TrustRootCACert value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1120 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1121 }
1122
1123 if (strcasecmp(inter_ca, "ID-Z.2") == 0) {
1124 sigma_dut_print(dut, DUT_MSG_DEBUG,
1125 "OSU intermediate CA: NetworkFX (col2)");
1126 if (system("cat " CERT_DIR "/IDZ2-cert-InterCA.pem >> "
1127 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1128 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1129 } else if (strcasecmp(inter_ca, "ID-Z.4") == 0) {
1130 sigma_dut_print(dut, DUT_MSG_DEBUG,
1131 "OSU intermediate CA: DigiCert (col2)");
1132 if (system("cat " CERT_DIR "/IDZ4-cert-InterCA.pem >> "
1133 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1134 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1135 } else if (strcasecmp(inter_ca, "ID-Z.6") == 0) {
1136 sigma_dut_print(dut, DUT_MSG_DEBUG,
1137 "OSU intermediate CA: NetworkFX (col4)");
1138 if (system("cat " CERT_DIR "/IDZ6-cert-InterCA.pem >> "
1139 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1140 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1141 } else if (strcasecmp(inter_ca, "ID-Z.8") == 0) {
1142 sigma_dut_print(dut, DUT_MSG_DEBUG,
1143 "OSU intermediate CA: DigiCert (col4)");
1144 if (system("cat " CERT_DIR "/IDZ8-cert-InterCA.pem >> "
1145 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1146 return ERROR_SEND_STATUS;
Jouni Malinen2e1ab0f2021-10-08 21:17:14 +0300[diff] [blame]1147 } else if (strcasecmp(inter_ca, "ID-K.1") == 0) {
1148 sigma_dut_print(dut, DUT_MSG_DEBUG,
1149 "OSU intermediate CA: Not-trusted");
1150 if (system("cat " CERT_DIR "/IDK1-IntCA.pem >> "
1151 CERT_DIR "/cacert.pem") < 0)
1152 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1153 } else {
1154 send_resp(dut, conn, SIGMA_ERROR,
1155 "errorCode,Unsupported InterCACert value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1156 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1157 }
1158
1159 if (strcasecmp(osu_cert, "ID-Q") == 0) {
1160 sigma_dut_print(dut, DUT_MSG_DEBUG,
1161 "OSU server cert: NetworkFX col%d",
1162 col);
1163 snprintf(buf, sizeof(buf),
1164 "cp " CERT_DIR "/IDQ-cert-c%d-%s.pem "
1165 CERT_DIR "/server.pem",
1166 col, srv);
1167 snprintf(buf2, sizeof(buf2),
1168 "cp " CERT_DIR "/IDQ-key-%s.pem "
1169 CERT_DIR "/server.key", srv);
1170 } else if (strcasecmp(osu_cert, "ID-W") == 0) {
1171 sigma_dut_print(dut, DUT_MSG_DEBUG,
1172 "OSU server cert: DigiCert col%d",
1173 col);
1174 snprintf(buf, sizeof(buf),
1175 "cp " CERT_DIR "/IDW-cert-c%d-%s.pem "
1176 CERT_DIR "/server.pem",
1177 col, srv);
1178 snprintf(buf2, sizeof(buf2),
1179 "cp " CERT_DIR "/IDW-key-%s.pem "
1180 CERT_DIR "/server.key", srv);
Jouni Malinen2e1ab0f2021-10-08 21:17:14 +0300[diff] [blame]1181 } else if (strcasecmp(osu_cert, "ID-K.1") == 0) {
1182 sigma_dut_print(dut, DUT_MSG_DEBUG,
1183 "OSU server cert: Not-trusted");
1184 snprintf(buf, sizeof(buf),
1185 "cp " CERT_DIR "/IDK1-cert-%s.pem "
1186 CERT_DIR "/server.pem",
1187 srv);
1188 snprintf(buf2, sizeof(buf2),
1189 "cp " CERT_DIR "/IDK1-key-%s.pem "
1190 CERT_DIR "/server.key", srv);
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1191 } else if (strcasecmp(osu_cert, "ID-R.2") == 0) {
1192 sigma_dut_print(dut, DUT_MSG_DEBUG,
1193 "OSU server cert: NetworkFX revoked col%d",
1194 col);
1195 snprintf(buf, sizeof(buf),
1196 "cp " CERT_DIR "/IDR2-cert-c%d-%s.pem "
1197 CERT_DIR "/server.pem",
1198 col, srv);
1199 snprintf(buf2, sizeof(buf2),
1200 "cp " CERT_DIR "/IDR2-key-%s.pem "
1201 CERT_DIR "/server.key", srv);
1202 } else if (strcasecmp(osu_cert, "ID-R.4") == 0) {
1203 sigma_dut_print(dut, DUT_MSG_DEBUG,
1204 "OSU server cert: DigiCert revoked col%d",
1205 col);
1206 snprintf(buf, sizeof(buf),
1207 "cp " CERT_DIR "/IDR4-cert-c%d-%s.pem "
1208 CERT_DIR "/server.pem",
1209 col, srv);
1210 snprintf(buf2, sizeof(buf2),
1211 "cp " CERT_DIR "/IDR4-key-%s.pem "
1212 CERT_DIR "/server.key", srv);
1213 } else {
1214 send_resp(dut, conn, SIGMA_ERROR,
1215 "errorCode,Unsupported OSUServerCert value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1216 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1217 }
1218
1219 if (system(buf) < 0 || system(buf2) < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1220 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1221
1222 if (system("service apache2 reload") < 0) {
1223 send_resp(dut, conn, SIGMA_ERROR,
1224 "errorCode,Failed to restart Apache");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1225 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1226 }
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1227 }
1228
1229 /* TODO */
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1230 return SUCCESS_SEND_STATUS;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1231}
1232
1233
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1234void server_register_cmds(void)
1235{
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]1236 sigma_dut_reg_cmd("server_ca_get_version", NULL,
1237 cmd_server_ca_get_version);
1238 sigma_dut_reg_cmd("server_get_info", NULL,
1239 cmd_server_get_info);
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1240 sigma_dut_reg_cmd("server_reset_default", NULL,
1241 cmd_server_reset_default);
1242 sigma_dut_reg_cmd("server_request_status", NULL,
1243 cmd_server_request_status);
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1244 sigma_dut_reg_cmd("server_set_parameter", NULL,
1245 cmd_server_set_parameter);
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1246}