Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / vendor / qcom-opensource / wlan / utils / sigma-dut / refs/heads/int/13/fp4 / . / server.c
blob: 0d2da05686571d85403bbd77d280ffbd43d2010f [file] [log] [blame]
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1/*
2 * Sigma Control API DUT (server)
3 * Copyright (c) 2014, Qualcomm Atheros, Inc.
Jouni Malinen2feb9132021-11-16 00:53:06 +0200[diff] [blame]4 * Copyright (c) 2018-2021, The Linux Foundation
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]5 * All Rights Reserved.
6 * Licensed under the Clear BSD license. See README for more details.
7 */
8
9#include "sigma_dut.h"
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]10#include <sqlite3.h>
11
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]12#ifndef ROOT_DIR
13#define ROOT_DIR "/home/user/hs20-server"
14#endif /* ROOT_DIR */
15
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]16#ifndef SERVER_DB
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]17#define SERVER_DB ROOT_DIR "/AS/DB/eap_user.db"
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]18#endif /* SERVER_DB */
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]19
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]20#ifndef CERT_DIR
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]21#define CERT_DIR ROOT_DIR "/certs"
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]22#endif /* CERT_DIR */
23
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]24
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]25static enum sigma_cmd_result cmd_server_ca_get_version(struct sigma_dut *dut,
26 struct sigma_conn *conn,
27 struct sigma_cmd *cmd)
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]28{
Jouni Malinendf866472019-01-23 12:21:47 +0200[diff] [blame]29 send_resp(dut, conn, SIGMA_COMPLETE, "version," SIGMA_DUT_VER);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]30 return STATUS_SENT;
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]31}
32
33
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]34static enum sigma_cmd_result cmd_server_get_info(struct sigma_dut *dut,
35 struct sigma_conn *conn,
36 struct sigma_cmd *cmd)
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]37{
Jouni Malinenc54710d2019-01-23 12:34:21 +0200[diff] [blame]38 char ver[128], resp[256];
39
40 get_ver(ROOT_DIR "/spp/hs20_spp_server -v", ver, sizeof(ver));
41
42 snprintf(resp, sizeof(resp), "vendor,OSU,model,OS,version,%s", ver);
43 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]44 return STATUS_SENT;
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]45}
46
47
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]48static int server_reset_user(struct sigma_dut *dut, const char *user)
49{
50 sqlite3 *db;
51 int res = -1;
52 char *sql = NULL;
53 const char *realm = "wi-fi.org";
54 const char *methods = "TTLS-MSCHAPV2";
55 const char *password = "ChangeMe";
56 int phase2 = 1;
57 int machine_managed = 1;
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]58 const char *remediation = "";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]59 int fetch_pps = 0;
60 const char *osu_user = NULL;
61 const char *osu_password = NULL;
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]62 const char *policy = NULL;
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]63
64 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset user %s", user);
65
66 if (sqlite3_open(SERVER_DB, &db)) {
67 sigma_dut_print(dut, DUT_MSG_ERROR,
68 "Failed to open SQLite database %s",
69 SERVER_DB);
70 return -1;
71 }
72
73 if (strcmp(user, "test01") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]74 remediation = "machine";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]75 } else if (strcmp(user, "test02") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]76 remediation = "user";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]77 machine_managed = 0;
78 } else if (strcmp(user, "test03") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]79 /* UpdateInterval-based client trigger for policy update */
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]80 policy = "ruckus130";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]81 } else if (strcmp(user, "test04") == 0) {
82 } else if (strcmp(user, "test05") == 0) {
83 } else if (strcmp(user, "test06") == 0) {
84 realm = "example.com";
85 } else if (strcmp(user, "test07") == 0) {
86 } else if (strcmp(user, "test08") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]87 remediation = "machine";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]88 osu_user = "testdmacc08";
89 osu_password = "P@ssw0rd";
90 } else if (strcmp(user, "test09") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]91 /* UpdateInterval-based client trigger for policy update */
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]92 policy = "ruckus130";
Jouni Malinen364c0812018-10-15 10:37:47 +0300[diff] [blame]93 osu_user = "testdmacc09";
94 osu_password = "P@ssw0rd";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]95 } else if (strcmp(user, "test10") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]96 remediation = "machine";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]97 methods = "TLS";
98 } else if (strcmp(user, "test11") == 0) {
99 } else if (strcmp(user, "test12") == 0) {
Jouni Malinen657bde62018-10-08 12:34:47 +0300[diff] [blame]100 remediation = "user";
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]101 methods = "TLS";
102 } else if (strcmp(user, "test20") == 0) {
103 } else if (strcmp(user, "test26") == 0) {
104 /* TODO: Cred01 with username/password? */
105 user = "1310026000000001";
106 methods = "SIM";
107 } else if (strcmp(user, "test30") == 0) {
108 osu_user = "testdmacc30";
109 osu_password = "P@ssw0rd";
110 } else if (strcmp(user, "test31") == 0) {
111 osu_user = "testdmacc31";
112 osu_password = "P@ssw0rd";
113 } else if (strcmp(user, "test32") == 0) {
114 osu_user = "testdmacc32";
115 osu_password = "P@ssw0rd";
116 } else if (strcmp(user, "test33") == 0) {
117 osu_user = "testdmacc33";
118 osu_password = "P@ssw0rd";
119 } else if (strcmp(user, "test34") == 0) {
120 osu_user = "testdmacc34";
121 osu_password = "P@ssw0rd";
122 } else if (strcmp(user, "test35") == 0) {
123 osu_user = "testdmacc35";
124 osu_password = "P@ssw0rd";
125 } else if (strcmp(user, "test36") == 0) {
126 } else if (strcmp(user, "test37") == 0) {
127 osu_user = "testdmacc37";
128 osu_password = "P@ssw0rd";
Jouni Malinen364c0812018-10-15 10:37:47 +0300[diff] [blame]129 } else if (strcmp(user, "testdmacc08") == 0 ||
130 strcmp(user, "testdmacc09") == 0) {
131 /* No need to set anything separate for testdmacc* users */
132 sqlite3_close(db);
133 return 0;
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]134 } else {
135 sigma_dut_print(dut, DUT_MSG_INFO, "Unsupported username '%s'",
136 user);
137 goto fail;
138 }
139
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]140 sql = sqlite3_mprintf("INSERT OR REPLACE INTO users(identity,realm,methods,password,phase2,machine_managed,remediation,fetch_pps,osu_user,osu_password,policy) VALUES (%Q,%Q,%Q,%Q,%d,%d,%Q,%d,%Q,%Q,%Q)",
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]141 user, realm, methods, password,
142 phase2, machine_managed, remediation, fetch_pps,
Jouni Malinen7aab2052018-10-19 18:40:58 +0300[diff] [blame]143 osu_user, osu_password, policy);
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]144
145 if (!sql)
146 goto fail;
147
148 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
149
150 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
151 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
152 sqlite3_errmsg(db));
153 } else {
154 res = 0;
155 }
156
157 sqlite3_free(sql);
158
159fail:
160 sqlite3_close(db);
161
162 return res;
163}
164
165
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]166static int server_reset_serial(struct sigma_dut *dut, const char *serial)
167{
168 sqlite3 *db;
169 int res = -1;
170 char *sql = NULL;
171 const char *realm = "wi-fi.org";
172 const char *methods = "TLS";
173 int phase2 = 0;
174 int machine_managed = 1;
175 const char *remediation = "";
176 int fetch_pps = 0;
177 const char *osu_user = NULL;
178 const char *osu_password = NULL;
179 const char *policy = NULL;
180 char user[128];
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]181 const char *cert = "";
182 const char *subrem = "";
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]183
184 snprintf(user, sizeof(user), "cert-%s", serial);
185 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset user %s (serial number: %s)",
186 user, serial);
187
188 if (sqlite3_open(SERVER_DB, &db)) {
189 sigma_dut_print(dut, DUT_MSG_ERROR,
190 "Failed to open SQLite database %s",
191 SERVER_DB);
192 return -1;
193 }
194
195 if (strcmp(serial, "1046") == 0) {
196 remediation = "machine";
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]197 cert = "3786eb9ef44778fe8048f9fa6f8c3e611f2dbdd15f239fa93edcc417debefa5a";
198 subrem = "homeoi";
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]199 } else if (strcmp(serial, "1047") == 0) {
200 remediation = "user";
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]201 cert = "55cd0af162f2fb6de5b9481e37a0b0887f42e477ab09586b0c10f24b269b893f";
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]202 } else {
203 sigma_dut_print(dut, DUT_MSG_INFO,
204 "Unsupported serial number '%s'", serial);
205 goto fail;
206 }
207
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]208 sql = sqlite3_mprintf("INSERT OR REPLACE INTO users(identity,realm,methods,phase2,machine_managed,remediation,fetch_pps,osu_user,osu_password,policy,cert,subrem) VALUES (%Q,%Q,%Q,%d,%d,%Q,%d,%Q,%Q,%Q,%Q,%Q)",
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]209 user, realm, methods,
210 phase2, machine_managed, remediation, fetch_pps,
Jouni Malinen2508a592019-01-23 01:07:08 +0200[diff] [blame]211 osu_user, osu_password, policy, cert, subrem);
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]212
213 if (!sql)
214 goto fail;
215
216 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
217
218 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
219 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
220 sqlite3_errmsg(db));
221 } else {
222 res = 0;
223 }
224
225 sqlite3_free(sql);
226
227fail:
228 sqlite3_close(db);
229
230 return res;
231}
232
233
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]234static int server_reset_cert_enroll(struct sigma_dut *dut, const char *addr)
235{
236 sqlite3 *db;
237 char *sql;
238
239 sigma_dut_print(dut, DUT_MSG_DEBUG,
240 "Reset certificate enrollment status for %s", addr);
241
242 if (sqlite3_open(SERVER_DB, &db)) {
243 sigma_dut_print(dut, DUT_MSG_ERROR,
244 "Failed to open SQLite database %s",
245 SERVER_DB);
246 return -1;
247 }
Jouni Malinene2817ad2022-05-16 20:23:45 +0300[diff] [blame]248
249 if (strcasecmp(addr, "any") == 0)
250 sql = sqlite3_mprintf("DELETE FROM cert_enroll");
251 else
252 sql = sqlite3_mprintf("DELETE FROM cert_enroll WHERE mac_addr=%Q",
253 addr);
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]254 if (!sql) {
255 sqlite3_close(db);
256 return -1;
257 }
258 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
259
260 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
261 sigma_dut_print(dut, DUT_MSG_ERROR,
262 "SQL operation failed: %s",
263 sqlite3_errmsg(db));
264 sqlite3_free(sql);
265 sqlite3_close(db);
266 return -1;
267 }
268
269 sqlite3_free(sql);
270 sqlite3_close(db);
271
272 return 0;
273}
274
275
Jouni Malinen4ec26fe2018-12-16 17:43:25 +0200[diff] [blame]276static int server_reset_imsi(struct sigma_dut *dut, const char *imsi)
277{
278 sqlite3 *db;
279 char *sql;
280
281 sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset policy provisioning for %s",
282 imsi);
283
284 if (sqlite3_open(SERVER_DB, &db)) {
285 sigma_dut_print(dut, DUT_MSG_ERROR,
286 "Failed to open SQLite database %s",
287 SERVER_DB);
288 return -1;
289 }
290 sql = sqlite3_mprintf("DELETE FROM users WHERE identity=%Q", imsi);
291 if (!sql) {
292 sqlite3_close(db);
293 return -1;
294 }
295 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
296
297 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
298 sigma_dut_print(dut, DUT_MSG_ERROR,
299 "SQL operation failed: %s",
300 sqlite3_errmsg(db));
301 sqlite3_free(sql);
302 sqlite3_close(db);
303 return -1;
304 }
305
306 sqlite3_free(sql);
307 sqlite3_close(db);
308
309 return 0;
310}
311
312
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]313static enum sigma_cmd_result cmd_server_reset_default(struct sigma_dut *dut,
314 struct sigma_conn *conn,
315 struct sigma_cmd *cmd)
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]316{
317 const char *var;
Jouni Malinen94d7b122018-09-04 13:16:41 +0300[diff] [blame]318 enum sigma_program prog;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]319
320 var = get_param(cmd, "Program");
Jouni Malinen94d7b122018-09-04 13:16:41 +0300[diff] [blame]321 if (!var) {
322 send_resp(dut, conn, SIGMA_ERROR,
323 "errorCode,Missing program parameter");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]324 return STATUS_SENT;
Jouni Malinen94d7b122018-09-04 13:16:41 +0300[diff] [blame]325 }
326
327 prog = sigma_program_to_enum(var);
Jouni Malinen409fc122022-09-29 18:54:09 +0300[diff] [blame]328 if (!is_passpoint_r2_or_newer(prog)) {
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]329 send_resp(dut, conn, SIGMA_ERROR,
330 "errorCode,Unsupported program");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]331 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]332 }
333
334 var = get_param(cmd, "UserName");
Jouni Malinen3b17d532018-09-04 19:10:58 +0300[diff] [blame]335 if (var && server_reset_user(dut, var) < 0) {
336 send_resp(dut, conn, SIGMA_ERROR,
337 "errorCode,Failed to reset user account to defaults");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]338 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]339 }
340
341 var = get_param(cmd, "SerialNo");
Jouni Malinenbbe959f2018-12-03 23:28:07 +0200[diff] [blame]342 if (var && server_reset_serial(dut, var)) {
343 send_resp(dut, conn, SIGMA_ERROR,
344 "errorCode,Failed to reset user account to defaults");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]345 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]346 }
347
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]348 var = get_param(cmd, "ClientMACAddr");
349 if (var && server_reset_cert_enroll(dut, var) < 0) {
350 send_resp(dut, conn, SIGMA_ERROR,
351 "errorCode,Failed to reset cert enroll to defaults");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]352 return STATUS_SENT;
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]353 }
354
Jouni Malinen4ec26fe2018-12-16 17:43:25 +0200[diff] [blame]355 var = get_param(cmd, "imsi_val");
356 if (var && server_reset_imsi(dut, var) < 0) {
357 send_resp(dut, conn, SIGMA_ERROR,
358 "errorCode,Failed to reset IMSI/SIM user");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]359 return STATUS_SENT;
Jouni Malinen4ec26fe2018-12-16 17:43:25 +0200[diff] [blame]360 }
361
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]362 return SUCCESS_SEND_STATUS;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]363}
364
365
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]366static int get_last_msk_cb(void *ctx, int argc, char *argv[], char *col[])
367{
368 char **last_msk = ctx;
369
370 if (argc < 1 || !argv[0])
371 return 0;
372
373 free(*last_msk);
374 *last_msk = strdup(argv[0]);
375
376 return 0;
377}
378
379
380static char * get_last_msk(struct sigma_dut *dut, sqlite3 *db,
381 const char *username)
382{
383 char *sql, *last_msk = NULL;
384
385 sql = sqlite3_mprintf("SELECT last_msk FROM users WHERE identity=%Q",
386 username);
387 if (!sql)
388 return NULL;
389
390 if (sqlite3_exec(db, sql, get_last_msk_cb, &last_msk, NULL) !=
391 SQLITE_OK) {
392 sigma_dut_print(dut, DUT_MSG_ERROR,
393 "SQL operation to fetch last_msk failed: %s",
394 sqlite3_errmsg(db));
395 sqlite3_free(sql);
396 return NULL;
397 }
398
399 sqlite3_free(sql);
400
401 return last_msk;
402}
403
404
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]405static enum sigma_cmd_result
406aaa_auth_status(struct sigma_dut *dut, struct sigma_conn *conn,
407 struct sigma_cmd *cmd, const char *username, int timeout)
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]408{
409 sqlite3 *db;
410 char *sql = NULL;
411 int i;
412 char resp[500];
413
414 if (sqlite3_open(SERVER_DB, &db)) {
415 sigma_dut_print(dut, DUT_MSG_ERROR,
416 "Failed to open SQLite database %s",
417 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]418 return INVALID_SEND_STATUS;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]419 }
420
421 sql = sqlite3_mprintf("UPDATE users SET last_msk=NULL WHERE identity=%Q",
422 username);
423 if (!sql) {
424 sqlite3_close(db);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]425 return ERROR_SEND_STATUS;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]426 }
427
428 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
429 sigma_dut_print(dut, DUT_MSG_ERROR,
430 "SQL operation to clear last_msk failed: %s",
431 sqlite3_errmsg(db));
432 sqlite3_free(sql);
433 sqlite3_close(db);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]434 return ERROR_SEND_STATUS;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]435 }
436
437 sqlite3_free(sql);
438
Jouni Malinen89dfb222018-10-07 16:51:39 +0300[diff] [blame]439 if (sqlite3_changes(db) < 1) {
440 sigma_dut_print(dut, DUT_MSG_ERROR,
441 "No DB rows modified (specified user not found)");
442 sqlite3_close(db);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]443 return ERROR_SEND_STATUS;
Jouni Malinen89dfb222018-10-07 16:51:39 +0300[diff] [blame]444 }
445
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]446 snprintf(resp, sizeof(resp), "AuthStatus,TIMEOUT,MSK,NULL");
447
448 for (i = 0; i < timeout; i++) {
449 char *last_msk;
450
451 last_msk = get_last_msk(dut, db, username);
452 if (last_msk) {
453 if (strcmp(last_msk, "FAIL") == 0) {
454 snprintf(resp, sizeof(resp),
455 "AuthStatus,FAIL,MSK,NULL");
456 } else {
457 snprintf(resp, sizeof(resp),
458 "AuthStatus,SUCCESS,MSK,%s", last_msk);
459 }
460 free(last_msk);
461 break;
462 }
463 sleep(1);
464 }
465
466 sqlite3_close(db);
467
468 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]469 return STATUS_SENT;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]470}
471
472
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]473static int get_last_serial_cb(void *ctx, int argc, char *argv[], char *col[])
474{
475 char **last_serial = ctx;
476
477 if (argc < 1 || !argv[0])
478 return 0;
479
480 free(*last_serial);
481 *last_serial = strdup(argv[0]);
482
483 return 0;
484}
485
486
487static char * get_last_serial(struct sigma_dut *dut, sqlite3 *db,
488 const char *addr)
489{
490 char *sql, *last_serial = NULL;
491
Jouni Malinene2817ad2022-05-16 20:23:45 +0300[diff] [blame]492 if (!addr || strcasecmp(addr, "any") == 0)
493 sql = sqlite3_mprintf("SELECT serialnum FROM cert_enroll");
494 else
495 sql = sqlite3_mprintf("SELECT serialnum FROM cert_enroll WHERE mac_addr=%Q",
496 addr);
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]497 if (!sql)
498 return NULL;
499 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
500
501 if (sqlite3_exec(db, sql, get_last_serial_cb, &last_serial, NULL) !=
502 SQLITE_OK) {
503 sigma_dut_print(dut, DUT_MSG_ERROR,
504 "SQL operation to fetch last_serial failed: %s",
505 sqlite3_errmsg(db));
506 sqlite3_free(sql);
507 return NULL;
508 }
509
510 sqlite3_free(sql);
511
512 return last_serial;
513}
514
515
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]516static enum sigma_cmd_result
517osu_cert_enroll_status(struct sigma_dut *dut, struct sigma_conn *conn,
518 struct sigma_cmd *cmd, const char *addr, int timeout)
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]519{
520 sqlite3 *db;
521 int i;
522 char resp[500];
523
524 if (sqlite3_open(SERVER_DB, &db)) {
525 sigma_dut_print(dut, DUT_MSG_ERROR,
526 "Failed to open SQLite database %s",
527 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]528 return INVALID_SEND_STATUS;
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]529 }
530
531 snprintf(resp, sizeof(resp), "OSUStatus,TIMEOUT");
532
533 for (i = 0; i < timeout; i++) {
534 char *last_serial;
535
536 last_serial = get_last_serial(dut, db, addr);
537 if (last_serial) {
538 if (strcmp(last_serial, "FAIL") == 0) {
539 snprintf(resp, sizeof(resp),
540 "OSUStatus,FAIL");
541 } else if (strlen(last_serial) > 0) {
542 snprintf(resp, sizeof(resp),
543 "OSUStatus,SUCCESS,SerialNo,%s",
544 last_serial);
545 }
546 free(last_serial);
547 break;
548 }
549 sleep(1);
550 }
551
552 sqlite3_close(db);
553
554 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]555 return STATUS_SENT;
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]556}
557
558
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]559static int get_user_field_cb(void *ctx, int argc, char *argv[], char *col[])
560{
561 char **val = ctx;
562
563 if (argc < 1 || !argv[0])
564 return 0;
565
566 free(*val);
567 *val = strdup(argv[0]);
568
569 return 0;
570}
571
572
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]573static char * get_user_field_helper(struct sigma_dut *dut, sqlite3 *db,
574 const char *id_field,
575 const char *identity, const char *field)
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]576{
577 char *sql, *val = NULL;
578
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]579 sql = sqlite3_mprintf("SELECT %s FROM users WHERE %s=%Q",
580 field, id_field, identity);
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]581 if (!sql)
582 return NULL;
583 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
584
585 if (sqlite3_exec(db, sql, get_user_field_cb, &val, NULL) != SQLITE_OK) {
586 sigma_dut_print(dut, DUT_MSG_ERROR,
587 "SQL operation to fetch user field failed: %s",
588 sqlite3_errmsg(db));
589 sqlite3_free(sql);
590 return NULL;
591 }
592
593 sqlite3_free(sql);
594
595 return val;
596}
597
598
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]599static char * get_user_field(struct sigma_dut *dut, sqlite3 *db,
600 const char *identity, const char *field)
601{
602 return get_user_field_helper(dut, db, "identity", identity, field);
603}
604
605
606static char * get_user_dmacc_field(struct sigma_dut *dut, sqlite3 *db,
607 const char *identity, const char *field)
608{
609 return get_user_field_helper(dut, db, "osu_user", identity, field);
610}
611
612
Jouni Malinen33f2acf2019-01-10 00:46:00 +0200[diff] [blame]613static int get_eventlog_new_serialno_cb(void *ctx, int argc, char *argv[],
614 char *col[])
615{
616 char **serialno = ctx;
617 char *val;
618
619 if (argc < 1 || !argv[0])
620 return 0;
621
622 val = argv[0];
623 if (strncmp(val, "renamed user to: cert-", 22) != 0)
624 return 0;
625 val += 22;
626 free(*serialno);
627 *serialno = strdup(val);
628
629 return 0;
630}
631
632
633static char * get_eventlog_new_serialno(struct sigma_dut *dut, sqlite3 *db,
634 const char *username)
635{
636 char *sql, *serial = NULL;
637
638 sql = sqlite3_mprintf("SELECT notes FROM eventlog WHERE user=%Q AND notes LIKE %Q",
639 username, "renamed user to:%");
640 if (!sql)
641 return NULL;
642
643 if (sqlite3_exec(db, sql, get_eventlog_new_serialno_cb, &serial,
644 NULL) != SQLITE_OK) {
645 sigma_dut_print(dut, DUT_MSG_ERROR,
646 "SQL operation to fetch new serialno failed: %s",
647 sqlite3_errmsg(db));
648 sqlite3_free(sql);
649 return NULL;
650 }
651
652 sqlite3_free(sql);
653
654 return serial;
655}
656
657
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]658static enum sigma_cmd_result
659osu_remediation_status(struct sigma_dut *dut, struct sigma_conn *conn,
660 int timeout, const char *username, const char *serialno)
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]661{
662 sqlite3 *db;
663 int i;
664 char resp[500];
665 char name[100];
666 char *remediation = NULL;
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]667 int dmacc = 0;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]668
669 if (!username && !serialno)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]670 return INVALID_SEND_STATUS;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]671 if (!username) {
672 snprintf(name, sizeof(name), "cert-%s", serialno);
673 username = name;
674 }
675
676 if (sqlite3_open(SERVER_DB, &db)) {
677 sigma_dut_print(dut, DUT_MSG_ERROR,
678 "Failed to open SQLite database %s",
679 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]680 return ERROR_SEND_STATUS;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]681 }
682
683 remediation = get_user_field(dut, db, username, "remediation");
684 if (!remediation) {
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]685 remediation = get_user_dmacc_field(dut, db, username,
686 "remediation");
687 dmacc = 1;
688 }
689 if (!remediation) {
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]690 snprintf(resp, sizeof(resp),
691 "RemediationStatus,User entry not found");
692 goto done;
693 }
694 if (remediation[0] == '\0') {
695 snprintf(resp, sizeof(resp),
696 "RemediationStatus,User was not configured to need remediation");
697 goto done;
698 }
699
700 snprintf(resp, sizeof(resp), "RemediationStatus,TIMEOUT");
701
702 for (i = 0; i < timeout; i++) {
703 sleep(1);
704 free(remediation);
Jouni Malinende664c32018-10-15 11:02:07 +0300[diff] [blame]705 if (dmacc)
706 remediation = get_user_dmacc_field(dut, db, username,
707 "remediation");
708 else
709 remediation = get_user_field(dut, db, username,
710 "remediation");
Jouni Malinen33f2acf2019-01-10 00:46:00 +0200[diff] [blame]711 if (!remediation && serialno) {
712 char *new_serial;
713
714 /* Certificate reenrollment through subscription
715 * remediation - fetch the new serial number */
716 new_serial = get_eventlog_new_serialno(dut, db,
717 username);
718 if (!new_serial) {
719 /* New SerialNo not known?! */
720 snprintf(resp, sizeof(resp),
721 "RemediationStatus,Remediation Complete,SerialNo,Unknown");
722 break;
723 }
724 snprintf(resp, sizeof(resp),
725 "RemediationStatus,Remediation Complete,SerialNo,%s",
726 new_serial);
727 free(new_serial);
728 break;
729 } else if (remediation && remediation[0] == '\0') {
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]730 snprintf(resp, sizeof(resp),
731 "RemediationStatus,Remediation Complete");
732 break;
733 }
734 }
735
736done:
737 free(remediation);
738 sqlite3_close(db);
739
740 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]741 return STATUS_SENT;
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]742}
743
744
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]745static enum sigma_cmd_result
746osu_polupd_status(struct sigma_dut *dut, struct sigma_conn *conn, int timeout,
747 const char *username, const char *serialno)
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]748{
749 sqlite3 *db;
750 char *sql;
751 int i;
752 char resp[500];
753 char name[100];
754 char *policy = NULL;
755 int dmacc = 0;
756
757 if (!username && !serialno)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]758 return INVALID_SEND_STATUS;
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]759 if (!username) {
760 snprintf(name, sizeof(name), "cert-%s", serialno);
761 username = name;
762 }
763
764 if (sqlite3_open(SERVER_DB, &db)) {
765 sigma_dut_print(dut, DUT_MSG_ERROR,
766 "Failed to open SQLite database %s",
767 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]768 return ERROR_SEND_STATUS;
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]769 }
770
771 policy = get_user_field(dut, db, username, "policy");
772 if (!policy) {
773 policy = get_user_dmacc_field(dut, db, username, "policy");
774 dmacc = 1;
775 }
776 if (!policy) {
777 snprintf(resp, sizeof(resp),
778 "PolicyUpdateStatus,User entry not found");
779 goto done;
780 }
781 if (policy[0] == '\0') {
782 snprintf(resp, sizeof(resp),
783 "PolicyUpdateStatus,User was not configured to need policy update");
784 goto done;
785 }
786
787 sql = sqlite3_mprintf("UPDATE users SET polupd_done=0 WHERE %s=%Q",
788 (dmacc ? "osu_user" : "identity"),
789 username);
790 if (!sql) {
791 snprintf(resp, sizeof(resp),
792 "PolicyUpdateStatus,Internal error");
793 goto done;
794 }
795 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
796 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
797 sigma_dut_print(dut, DUT_MSG_ERROR,
798 "SQL operation to fetch user field failed: %s",
799 sqlite3_errmsg(db));
800 sqlite3_free(sql);
801 goto done;
802 }
803 sqlite3_free(sql);
804
805 snprintf(resp, sizeof(resp), "PolicyUpdateStatus,TIMEOUT");
806
807 for (i = 0; i < timeout; i++) {
808 sleep(1);
809 free(policy);
810 if (dmacc)
811 policy = get_user_dmacc_field(dut, db, username,
812 "polupd_done");
813 else
814 policy = get_user_field(dut, db, username,
815 "polupd_done");
816 if (policy && atoi(policy)) {
817 snprintf(resp, sizeof(resp),
818 "PolicyUpdateStatus,UpdateComplete");
819 break;
820 }
821 }
822
823done:
824 free(policy);
825 sqlite3_close(db);
826
827 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]828 return STATUS_SENT;
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]829}
830
831
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]832static enum sigma_cmd_result
833osu_sim_policy_provisioning_status(struct sigma_dut *dut,
834 struct sigma_conn *conn,
835 const char *imsi, int timeout)
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]836{
837 sqlite3 *db;
838 int i;
839 char resp[500];
840 char *id = NULL;
841
842 if (sqlite3_open(SERVER_DB, &db)) {
843 sigma_dut_print(dut, DUT_MSG_ERROR,
844 "Failed to open SQLite database %s",
845 SERVER_DB);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]846 return INVALID_SEND_STATUS;
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]847 }
848
849 snprintf(resp, sizeof(resp), "PolicyProvisioning,TIMEOUT");
850
851 for (i = 0; i < timeout; i++) {
852 free(id);
853 id = get_user_field(dut, db, imsi, "identity");
854 if (id) {
855 snprintf(resp, sizeof(resp),
856 "PolicyProvisioning,Provisioning Complete");
857 break;
858 }
859 sleep(1);
860 }
861
862 free(id);
863 sqlite3_close(db);
864
865 send_resp(dut, conn, SIGMA_COMPLETE, resp);
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]866 return STATUS_SENT;
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]867}
868
869
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]870static enum sigma_cmd_result cmd_server_request_status(struct sigma_dut *dut,
871 struct sigma_conn *conn,
872 struct sigma_cmd *cmd)
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]873{
874 const char *var, *username, *serialno, *imsi, *addr, *status;
875 int osu, timeout;
876 char resp[500];
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]877 enum sigma_program prog;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]878
879 var = get_param(cmd, "Program");
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]880 if (!var) {
881 send_resp(dut, conn, SIGMA_ERROR,
882 "errorCode,Missing program parameter");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]883 return STATUS_SENT;
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]884 }
885
886 prog = sigma_program_to_enum(var);
Jouni Malinen409fc122022-09-29 18:54:09 +0300[diff] [blame]887 if (!is_passpoint_r2_or_newer(prog)) {
Jouni Malinen0b1be632022-05-16 20:02:13 +0300[diff] [blame]888 send_resp(dut, conn, SIGMA_ERROR,
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]889 "errorCode,Unsupported program");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]890 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]891 }
892
893 var = get_param(cmd, "Device");
894 if (!var ||
895 (strcasecmp(var, "AAAServer") != 0 &&
896 strcasecmp(var, "OSUServer") != 0)) {
897 send_resp(dut, conn, SIGMA_ERROR,
898 "errorCode,Unsupported device type");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]899 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]900 }
901 osu = strcasecmp(var, "OSUServer") == 0;
902
903 var = get_param(cmd, "Timeout");
904 if (!var) {
905 send_resp(dut, conn, SIGMA_ERROR,
906 "errorCode,Missing timeout");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]907 return STATUS_SENT;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]908 }
909 timeout = atoi(var);
910 sigma_dut_print(dut, DUT_MSG_DEBUG, "timeout: %d", timeout);
911
912 username = get_param(cmd, "UserName");
913 if (username)
914 sigma_dut_print(dut, DUT_MSG_DEBUG, "UserName: %s", username);
915 serialno = get_param(cmd, "SerialNo");
916 if (serialno)
917 sigma_dut_print(dut, DUT_MSG_DEBUG, "SerialNo: %s", serialno);
918 imsi = get_param(cmd, "imsi_val");
919 if (imsi)
920 sigma_dut_print(dut, DUT_MSG_DEBUG, "imsi_val: %s", imsi);
921 addr = get_param(cmd, "ClientMACAddr");
922 if (addr)
923 sigma_dut_print(dut, DUT_MSG_DEBUG, "ClientMACAddr: %s", addr);
924 status = get_param(cmd, "Status");
925 if (status)
926 sigma_dut_print(dut, DUT_MSG_DEBUG, "Status: %s", status);
927
Jouni Malinen4ea3acb2018-10-08 13:06:30 +0300[diff] [blame]928 if (osu && status && strcasecmp(status, "Remediation") == 0)
929 return osu_remediation_status(dut, conn, timeout, username,
930 serialno);
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]931
Jouni Malinene9265832018-10-19 18:59:58 +0300[diff] [blame]932 if (osu && status && strcasecmp(status, "PolicyUpdate") == 0)
933 return osu_polupd_status(dut, conn, timeout, username,
934 serialno);
935
Jouni Malinen0f1614b2018-09-11 04:40:20 +0300[diff] [blame]936 if (!osu && status && strcasecmp(status, "Authentication") == 0 &&
937 username)
938 return aaa_auth_status(dut, conn, cmd, username, timeout);
939
Jouni Malinen89dfb222018-10-07 16:51:39 +0300[diff] [blame]940 if (!osu && status && strcasecmp(status, "Authentication") == 0 &&
941 serialno) {
942 snprintf(resp, sizeof(resp), "cert-%s", serialno);
943 return aaa_auth_status(dut, conn, cmd, resp, timeout);
944 }
945
Jouni Malinene2817ad2022-05-16 20:23:45 +0300[diff] [blame]946 if (osu && status && strcasecmp(status, "OSU") == 0)
Jouni Malinen05630ab2018-09-15 02:59:58 +0300[diff] [blame]947 return osu_cert_enroll_status(dut, conn, cmd, addr, timeout);
948
Jouni Malinen7116cd42018-12-16 17:51:11 +0200[diff] [blame]949 if (osu && status && strcasecmp(status, "PolicyProvisioning") == 0 &&
950 imsi)
951 return osu_sim_policy_provisioning_status(dut, conn, imsi,
952 timeout);
953
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]954 return SUCCESS_SEND_STATUS;
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]955}
956
957
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]958static int osu_set_cert_reenroll(struct sigma_dut *dut, const char *serial,
959 int enable)
960{
961 sqlite3 *db;
962 char *sql;
963 char id[100];
964 int ret = -1;
965
966 if (sqlite3_open(SERVER_DB, &db)) {
967 sigma_dut_print(dut, DUT_MSG_ERROR,
968 "Failed to open SQLite database %s",
969 SERVER_DB);
970 return -1;
971 }
972
973 snprintf(id, sizeof(id), "cert-%s", serial);
974 sql = sqlite3_mprintf("UPDATE users SET remediation=%Q WHERE lower(identity)=lower(%Q)",
Jouni Malinen959372f2018-12-04 13:49:45 +0200[diff] [blame]975 enable ? "reenroll" : "", id);
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]976 if (!sql)
977 goto fail;
978 sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql);
979 if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) {
980 sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s",
981 sqlite3_errmsg(db));
982 goto fail;
983 }
984
985 if (sqlite3_changes(db) < 1) {
986 sigma_dut_print(dut, DUT_MSG_ERROR, "No DB rows modified (specified serial number not found)");
987 goto fail;
988 }
989
990 ret = 0;
991fail:
992 sqlite3_close(db);
993
994 return ret;
995}
996
997
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]998static enum sigma_cmd_result cmd_server_set_parameter(struct sigma_dut *dut,
999 struct sigma_conn *conn,
1000 struct sigma_cmd *cmd)
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1001{
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1002 const char *var, *root_ca, *inter_ca, *osu_cert, *issuing_arch, *name;
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1003 const char *reenroll, *serial;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1004 int osu, timeout = -1;
1005 enum sigma_program prog;
1006
1007 var = get_param(cmd, "Program");
1008 if (!var) {
1009 send_resp(dut, conn, SIGMA_ERROR,
1010 "errorCode,Missing program parameter");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1011 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1012 }
1013
1014 prog = sigma_program_to_enum(var);
Jouni Malinen409fc122022-09-29 18:54:09 +0300[diff] [blame]1015 if (!is_passpoint_r2_or_newer(prog)) {
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1016 send_resp(dut, conn, SIGMA_ERROR,
1017 "errorCode,Unsupported program");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1018 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1019 }
1020
1021 var = get_param(cmd, "Device");
1022 if (!var ||
1023 (strcasecmp(var, "AAAServer") != 0 &&
1024 strcasecmp(var, "OSUServer") != 0)) {
1025 send_resp(dut, conn, SIGMA_ERROR,
1026 "errorCode,Unsupported device type");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1027 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1028 }
1029 osu = strcasecmp(var, "OSUServer") == 0;
1030
1031 var = get_param(cmd, "Timeout");
1032 if (var)
1033 timeout = atoi(var);
1034
1035 var = get_param(cmd, "ProvisioningProto");
1036 if (var && strcasecmp(var, "SOAP") != 0) {
1037 send_resp(dut, conn, SIGMA_ERROR,
1038 "errorCode,Unsupported ProvisioningProto");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1039 return STATUS_SENT;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1040 }
1041
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1042 reenroll = get_param(cmd, "CertReEnroll");
1043 serial = get_param(cmd, "SerialNo");
1044 if (reenroll && serial) {
1045 int enable;
1046
1047 if (strcasecmp(reenroll, "Enable") == 0) {
1048 enable = 1;
1049 } else if (strcasecmp(reenroll, "Disable") == 0) {
1050 enable = 0;
1051 } else {
1052 send_resp(dut, conn, SIGMA_ERROR,
1053 "errorCode,Invalid CertReEnroll value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1054 return STATUS_SENT;
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1055 }
1056
1057 if (osu_set_cert_reenroll(dut, serial, enable) < 0) {
1058 send_resp(dut, conn, SIGMA_ERROR,
1059 "errorCode,Failed to update certificate reenrollment state");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1060 return STATUS_SENT;
Jouni Malinenb8b7e7b2018-09-26 13:39:42 +0300[diff] [blame]1061 }
1062 }
1063
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1064 name = get_param(cmd, "Name");
1065 root_ca = get_param(cmd, "TrustRootCACert");
1066 inter_ca = get_param(cmd, "InterCACert");
1067 osu_cert = get_param(cmd, "OSUServerCert");
1068 issuing_arch = get_param(cmd, "Issuing_Arch");
1069
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1070 if (timeout > -1) {
1071 /* TODO */
1072 }
1073
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1074 if (osu && name && root_ca && inter_ca && osu_cert && issuing_arch) {
1075 const char *srv;
1076 char buf[500];
1077 char buf2[500];
1078 int col;
1079
1080 sigma_dut_print(dut, DUT_MSG_DEBUG,
1081 "Update server certificate setup");
1082
1083 if (strcasecmp(name, "ruckus") == 0) {
1084 srv = "RKS";
1085 } else if (strcasecmp(name, "aruba") == 0) {
1086 srv = "ARU";
1087 } else {
1088 send_resp(dut, conn, SIGMA_ERROR,
1089 "errorCode,Unsupported Name value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1090 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1091 }
1092
1093 if (strcasecmp(issuing_arch, "col2") == 0) {
1094 col = 2;
1095 } else if (strcasecmp(issuing_arch, "col4") == 0) {
1096 col = 4;
1097 } else {
1098 send_resp(dut, conn, SIGMA_ERROR,
1099 "errorCode,Unsupported Issuing_Arch value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1100 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1101 }
1102
1103 if (strcasecmp(root_ca, "ID-T") == 0) {
1104 sigma_dut_print(dut, DUT_MSG_DEBUG,
1105 "OSU trust root: NetworkFX");
1106 if (system("cp " CERT_DIR "/IDT-cert-RootCA.pem "
1107 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1108 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1109 } else if (strcasecmp(root_ca, "ID-Y") == 0) {
1110 sigma_dut_print(dut, DUT_MSG_DEBUG,
1111 "OSU trust root: NetworkFX");
1112 if (system("cp " CERT_DIR "/IDY-cert-RootCA.pem "
1113 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1114 return ERROR_SEND_STATUS;
Jouni Malinen2e1ab0f2021-10-08 21:17:14 +0300[diff] [blame]1115 } else if (strcasecmp(root_ca, "ID-K.1") == 0) {
1116 sigma_dut_print(dut, DUT_MSG_DEBUG,
1117 "OSU trust root: Not-trusted");
1118 if (system("cp " CERT_DIR "/IDK1-ca.pem "
1119 CERT_DIR "/cacert.pem") < 0)
1120 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1121 } else {
1122 send_resp(dut, conn, SIGMA_ERROR,
1123 "errorCode,Unsupported TrustRootCACert value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1124 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1125 }
1126
1127 if (strcasecmp(inter_ca, "ID-Z.2") == 0) {
1128 sigma_dut_print(dut, DUT_MSG_DEBUG,
1129 "OSU intermediate CA: NetworkFX (col2)");
1130 if (system("cat " CERT_DIR "/IDZ2-cert-InterCA.pem >> "
1131 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1132 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1133 } else if (strcasecmp(inter_ca, "ID-Z.4") == 0) {
1134 sigma_dut_print(dut, DUT_MSG_DEBUG,
1135 "OSU intermediate CA: DigiCert (col2)");
1136 if (system("cat " CERT_DIR "/IDZ4-cert-InterCA.pem >> "
1137 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1138 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1139 } else if (strcasecmp(inter_ca, "ID-Z.6") == 0) {
1140 sigma_dut_print(dut, DUT_MSG_DEBUG,
1141 "OSU intermediate CA: NetworkFX (col4)");
1142 if (system("cat " CERT_DIR "/IDZ6-cert-InterCA.pem >> "
1143 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1144 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1145 } else if (strcasecmp(inter_ca, "ID-Z.8") == 0) {
1146 sigma_dut_print(dut, DUT_MSG_DEBUG,
1147 "OSU intermediate CA: DigiCert (col4)");
1148 if (system("cat " CERT_DIR "/IDZ8-cert-InterCA.pem >> "
1149 CERT_DIR "/cacert.pem") < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1150 return ERROR_SEND_STATUS;
Jouni Malinen2e1ab0f2021-10-08 21:17:14 +0300[diff] [blame]1151 } else if (strcasecmp(inter_ca, "ID-K.1") == 0) {
1152 sigma_dut_print(dut, DUT_MSG_DEBUG,
1153 "OSU intermediate CA: Not-trusted");
1154 if (system("cat " CERT_DIR "/IDK1-IntCA.pem >> "
1155 CERT_DIR "/cacert.pem") < 0)
1156 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1157 } else {
1158 send_resp(dut, conn, SIGMA_ERROR,
1159 "errorCode,Unsupported InterCACert value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1160 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1161 }
1162
1163 if (strcasecmp(osu_cert, "ID-Q") == 0) {
1164 sigma_dut_print(dut, DUT_MSG_DEBUG,
1165 "OSU server cert: NetworkFX col%d",
1166 col);
1167 snprintf(buf, sizeof(buf),
1168 "cp " CERT_DIR "/IDQ-cert-c%d-%s.pem "
1169 CERT_DIR "/server.pem",
1170 col, srv);
1171 snprintf(buf2, sizeof(buf2),
1172 "cp " CERT_DIR "/IDQ-key-%s.pem "
1173 CERT_DIR "/server.key", srv);
1174 } else if (strcasecmp(osu_cert, "ID-W") == 0) {
1175 sigma_dut_print(dut, DUT_MSG_DEBUG,
1176 "OSU server cert: DigiCert col%d",
1177 col);
1178 snprintf(buf, sizeof(buf),
1179 "cp " CERT_DIR "/IDW-cert-c%d-%s.pem "
1180 CERT_DIR "/server.pem",
1181 col, srv);
1182 snprintf(buf2, sizeof(buf2),
1183 "cp " CERT_DIR "/IDW-key-%s.pem "
1184 CERT_DIR "/server.key", srv);
Jouni Malinen2e1ab0f2021-10-08 21:17:14 +0300[diff] [blame]1185 } else if (strcasecmp(osu_cert, "ID-K.1") == 0) {
1186 sigma_dut_print(dut, DUT_MSG_DEBUG,
1187 "OSU server cert: Not-trusted");
1188 snprintf(buf, sizeof(buf),
1189 "cp " CERT_DIR "/IDK1-cert-%s.pem "
1190 CERT_DIR "/server.pem",
1191 srv);
1192 snprintf(buf2, sizeof(buf2),
1193 "cp " CERT_DIR "/IDK1-key-%s.pem "
1194 CERT_DIR "/server.key", srv);
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1195 } else if (strcasecmp(osu_cert, "ID-R.2") == 0) {
1196 sigma_dut_print(dut, DUT_MSG_DEBUG,
1197 "OSU server cert: NetworkFX revoked col%d",
1198 col);
1199 snprintf(buf, sizeof(buf),
1200 "cp " CERT_DIR "/IDR2-cert-c%d-%s.pem "
1201 CERT_DIR "/server.pem",
1202 col, srv);
1203 snprintf(buf2, sizeof(buf2),
1204 "cp " CERT_DIR "/IDR2-key-%s.pem "
1205 CERT_DIR "/server.key", srv);
1206 } else if (strcasecmp(osu_cert, "ID-R.4") == 0) {
1207 sigma_dut_print(dut, DUT_MSG_DEBUG,
1208 "OSU server cert: DigiCert revoked col%d",
1209 col);
1210 snprintf(buf, sizeof(buf),
1211 "cp " CERT_DIR "/IDR4-cert-c%d-%s.pem "
1212 CERT_DIR "/server.pem",
1213 col, srv);
1214 snprintf(buf2, sizeof(buf2),
1215 "cp " CERT_DIR "/IDR4-key-%s.pem "
1216 CERT_DIR "/server.key", srv);
1217 } else {
1218 send_resp(dut, conn, SIGMA_ERROR,
1219 "errorCode,Unsupported OSUServerCert value");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1220 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1221 }
1222
1223 if (system(buf) < 0 || system(buf2) < 0)
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1224 return ERROR_SEND_STATUS;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1225
1226 if (system("service apache2 reload") < 0) {
1227 send_resp(dut, conn, SIGMA_ERROR,
1228 "errorCode,Failed to restart Apache");
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1229 return STATUS_SENT;
Jouni Malinen93b170b2018-09-15 02:58:27 +0300[diff] [blame]1230 }
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1231 }
1232
1233 /* TODO */
Jouni Malinenfcaeee12019-02-19 12:27:36 +0200[diff] [blame]1234 return SUCCESS_SEND_STATUS;
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1235}
1236
1237
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1238void server_register_cmds(void)
1239{
Jouni Malinen72ac93c2018-09-04 13:12:59 +0300[diff] [blame]1240 sigma_dut_reg_cmd("server_ca_get_version", NULL,
1241 cmd_server_ca_get_version);
1242 sigma_dut_reg_cmd("server_get_info", NULL,
1243 cmd_server_get_info);
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1244 sigma_dut_reg_cmd("server_reset_default", NULL,
1245 cmd_server_reset_default);
1246 sigma_dut_reg_cmd("server_request_status", NULL,
1247 cmd_server_request_status);
Jouni Malinenab8c7182018-09-11 02:55:45 +0300[diff] [blame]1248 sigma_dut_reg_cmd("server_set_parameter", NULL,
1249 cmd_server_set_parameter);
Jouni Malinencd4e3c32015-10-29 12:39:56 +0200[diff] [blame]1250}