Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 1 | /* |
| 2 | * Sigma Control API DUT (server) |
| 3 | * Copyright (c) 2014, Qualcomm Atheros, Inc. |
Jouni Malinen | 2feb913 | 2021-11-16 00:53:06 +0200 | [diff] [blame] | 4 | * Copyright (c) 2018-2021, The Linux Foundation |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 5 | * All Rights Reserved. |
| 6 | * Licensed under the Clear BSD license. See README for more details. |
| 7 | */ |
| 8 | |
| 9 | #include "sigma_dut.h" |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 10 | #include <sqlite3.h> |
| 11 | |
Jouni Malinen | c54710d | 2019-01-23 12:34:21 +0200 | [diff] [blame] | 12 | #ifndef ROOT_DIR |
| 13 | #define ROOT_DIR "/home/user/hs20-server" |
| 14 | #endif /* ROOT_DIR */ |
| 15 | |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 16 | #ifndef SERVER_DB |
Jouni Malinen | c54710d | 2019-01-23 12:34:21 +0200 | [diff] [blame] | 17 | #define SERVER_DB ROOT_DIR "/AS/DB/eap_user.db" |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 18 | #endif /* SERVER_DB */ |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 19 | |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 20 | #ifndef CERT_DIR |
Jouni Malinen | c54710d | 2019-01-23 12:34:21 +0200 | [diff] [blame] | 21 | #define CERT_DIR ROOT_DIR "/certs" |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 22 | #endif /* CERT_DIR */ |
| 23 | |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 24 | |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 25 | static enum sigma_cmd_result cmd_server_ca_get_version(struct sigma_dut *dut, |
| 26 | struct sigma_conn *conn, |
| 27 | struct sigma_cmd *cmd) |
Jouni Malinen | 72ac93c | 2018-09-04 13:12:59 +0300 | [diff] [blame] | 28 | { |
Jouni Malinen | df86647 | 2019-01-23 12:21:47 +0200 | [diff] [blame] | 29 | send_resp(dut, conn, SIGMA_COMPLETE, "version," SIGMA_DUT_VER); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 30 | return STATUS_SENT; |
Jouni Malinen | 72ac93c | 2018-09-04 13:12:59 +0300 | [diff] [blame] | 31 | } |
| 32 | |
| 33 | |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 34 | static enum sigma_cmd_result cmd_server_get_info(struct sigma_dut *dut, |
| 35 | struct sigma_conn *conn, |
| 36 | struct sigma_cmd *cmd) |
Jouni Malinen | 72ac93c | 2018-09-04 13:12:59 +0300 | [diff] [blame] | 37 | { |
Jouni Malinen | c54710d | 2019-01-23 12:34:21 +0200 | [diff] [blame] | 38 | char ver[128], resp[256]; |
| 39 | |
| 40 | get_ver(ROOT_DIR "/spp/hs20_spp_server -v", ver, sizeof(ver)); |
| 41 | |
| 42 | snprintf(resp, sizeof(resp), "vendor,OSU,model,OS,version,%s", ver); |
| 43 | send_resp(dut, conn, SIGMA_COMPLETE, resp); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 44 | return STATUS_SENT; |
Jouni Malinen | 72ac93c | 2018-09-04 13:12:59 +0300 | [diff] [blame] | 45 | } |
| 46 | |
| 47 | |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 48 | static int server_reset_user(struct sigma_dut *dut, const char *user) |
| 49 | { |
| 50 | sqlite3 *db; |
| 51 | int res = -1; |
| 52 | char *sql = NULL; |
| 53 | const char *realm = "wi-fi.org"; |
| 54 | const char *methods = "TTLS-MSCHAPV2"; |
| 55 | const char *password = "ChangeMe"; |
| 56 | int phase2 = 1; |
| 57 | int machine_managed = 1; |
Jouni Malinen | 657bde6 | 2018-10-08 12:34:47 +0300 | [diff] [blame] | 58 | const char *remediation = ""; |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 59 | int fetch_pps = 0; |
| 60 | const char *osu_user = NULL; |
| 61 | const char *osu_password = NULL; |
Jouni Malinen | 7aab205 | 2018-10-19 18:40:58 +0300 | [diff] [blame] | 62 | const char *policy = NULL; |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 63 | |
| 64 | sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset user %s", user); |
| 65 | |
| 66 | if (sqlite3_open(SERVER_DB, &db)) { |
| 67 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 68 | "Failed to open SQLite database %s", |
| 69 | SERVER_DB); |
| 70 | return -1; |
| 71 | } |
| 72 | |
| 73 | if (strcmp(user, "test01") == 0) { |
Jouni Malinen | 657bde6 | 2018-10-08 12:34:47 +0300 | [diff] [blame] | 74 | remediation = "machine"; |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 75 | } else if (strcmp(user, "test02") == 0) { |
Jouni Malinen | 657bde6 | 2018-10-08 12:34:47 +0300 | [diff] [blame] | 76 | remediation = "user"; |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 77 | machine_managed = 0; |
| 78 | } else if (strcmp(user, "test03") == 0) { |
Jouni Malinen | 657bde6 | 2018-10-08 12:34:47 +0300 | [diff] [blame] | 79 | /* UpdateInterval-based client trigger for policy update */ |
Jouni Malinen | 7aab205 | 2018-10-19 18:40:58 +0300 | [diff] [blame] | 80 | policy = "ruckus130"; |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 81 | } else if (strcmp(user, "test04") == 0) { |
| 82 | } else if (strcmp(user, "test05") == 0) { |
| 83 | } else if (strcmp(user, "test06") == 0) { |
| 84 | realm = "example.com"; |
| 85 | } else if (strcmp(user, "test07") == 0) { |
| 86 | } else if (strcmp(user, "test08") == 0) { |
Jouni Malinen | 657bde6 | 2018-10-08 12:34:47 +0300 | [diff] [blame] | 87 | remediation = "machine"; |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 88 | osu_user = "testdmacc08"; |
| 89 | osu_password = "P@ssw0rd"; |
| 90 | } else if (strcmp(user, "test09") == 0) { |
Jouni Malinen | 657bde6 | 2018-10-08 12:34:47 +0300 | [diff] [blame] | 91 | /* UpdateInterval-based client trigger for policy update */ |
Jouni Malinen | 7aab205 | 2018-10-19 18:40:58 +0300 | [diff] [blame] | 92 | policy = "ruckus130"; |
Jouni Malinen | 364c081 | 2018-10-15 10:37:47 +0300 | [diff] [blame] | 93 | osu_user = "testdmacc09"; |
| 94 | osu_password = "P@ssw0rd"; |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 95 | } else if (strcmp(user, "test10") == 0) { |
Jouni Malinen | 657bde6 | 2018-10-08 12:34:47 +0300 | [diff] [blame] | 96 | remediation = "machine"; |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 97 | methods = "TLS"; |
| 98 | } else if (strcmp(user, "test11") == 0) { |
| 99 | } else if (strcmp(user, "test12") == 0) { |
Jouni Malinen | 657bde6 | 2018-10-08 12:34:47 +0300 | [diff] [blame] | 100 | remediation = "user"; |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 101 | methods = "TLS"; |
| 102 | } else if (strcmp(user, "test20") == 0) { |
| 103 | } else if (strcmp(user, "test26") == 0) { |
| 104 | /* TODO: Cred01 with username/password? */ |
| 105 | user = "1310026000000001"; |
| 106 | methods = "SIM"; |
| 107 | } else if (strcmp(user, "test30") == 0) { |
| 108 | osu_user = "testdmacc30"; |
| 109 | osu_password = "P@ssw0rd"; |
| 110 | } else if (strcmp(user, "test31") == 0) { |
| 111 | osu_user = "testdmacc31"; |
| 112 | osu_password = "P@ssw0rd"; |
| 113 | } else if (strcmp(user, "test32") == 0) { |
| 114 | osu_user = "testdmacc32"; |
| 115 | osu_password = "P@ssw0rd"; |
| 116 | } else if (strcmp(user, "test33") == 0) { |
| 117 | osu_user = "testdmacc33"; |
| 118 | osu_password = "P@ssw0rd"; |
| 119 | } else if (strcmp(user, "test34") == 0) { |
| 120 | osu_user = "testdmacc34"; |
| 121 | osu_password = "P@ssw0rd"; |
| 122 | } else if (strcmp(user, "test35") == 0) { |
| 123 | osu_user = "testdmacc35"; |
| 124 | osu_password = "P@ssw0rd"; |
| 125 | } else if (strcmp(user, "test36") == 0) { |
| 126 | } else if (strcmp(user, "test37") == 0) { |
| 127 | osu_user = "testdmacc37"; |
| 128 | osu_password = "P@ssw0rd"; |
Jouni Malinen | 364c081 | 2018-10-15 10:37:47 +0300 | [diff] [blame] | 129 | } else if (strcmp(user, "testdmacc08") == 0 || |
| 130 | strcmp(user, "testdmacc09") == 0) { |
| 131 | /* No need to set anything separate for testdmacc* users */ |
| 132 | sqlite3_close(db); |
| 133 | return 0; |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 134 | } else { |
| 135 | sigma_dut_print(dut, DUT_MSG_INFO, "Unsupported username '%s'", |
| 136 | user); |
| 137 | goto fail; |
| 138 | } |
| 139 | |
Jouni Malinen | 7aab205 | 2018-10-19 18:40:58 +0300 | [diff] [blame] | 140 | sql = sqlite3_mprintf("INSERT OR REPLACE INTO users(identity,realm,methods,password,phase2,machine_managed,remediation,fetch_pps,osu_user,osu_password,policy) VALUES (%Q,%Q,%Q,%Q,%d,%d,%Q,%d,%Q,%Q,%Q)", |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 141 | user, realm, methods, password, |
| 142 | phase2, machine_managed, remediation, fetch_pps, |
Jouni Malinen | 7aab205 | 2018-10-19 18:40:58 +0300 | [diff] [blame] | 143 | osu_user, osu_password, policy); |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 144 | |
| 145 | if (!sql) |
| 146 | goto fail; |
| 147 | |
| 148 | sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql); |
| 149 | |
| 150 | if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) { |
| 151 | sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s", |
| 152 | sqlite3_errmsg(db)); |
| 153 | } else { |
| 154 | res = 0; |
| 155 | } |
| 156 | |
| 157 | sqlite3_free(sql); |
| 158 | |
| 159 | fail: |
| 160 | sqlite3_close(db); |
| 161 | |
| 162 | return res; |
| 163 | } |
| 164 | |
| 165 | |
Jouni Malinen | bbe959f | 2018-12-03 23:28:07 +0200 | [diff] [blame] | 166 | static int server_reset_serial(struct sigma_dut *dut, const char *serial) |
| 167 | { |
| 168 | sqlite3 *db; |
| 169 | int res = -1; |
| 170 | char *sql = NULL; |
| 171 | const char *realm = "wi-fi.org"; |
| 172 | const char *methods = "TLS"; |
| 173 | int phase2 = 0; |
| 174 | int machine_managed = 1; |
| 175 | const char *remediation = ""; |
| 176 | int fetch_pps = 0; |
| 177 | const char *osu_user = NULL; |
| 178 | const char *osu_password = NULL; |
| 179 | const char *policy = NULL; |
| 180 | char user[128]; |
Jouni Malinen | 2508a59 | 2019-01-23 01:07:08 +0200 | [diff] [blame] | 181 | const char *cert = ""; |
| 182 | const char *subrem = ""; |
Jouni Malinen | bbe959f | 2018-12-03 23:28:07 +0200 | [diff] [blame] | 183 | |
| 184 | snprintf(user, sizeof(user), "cert-%s", serial); |
| 185 | sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset user %s (serial number: %s)", |
| 186 | user, serial); |
| 187 | |
| 188 | if (sqlite3_open(SERVER_DB, &db)) { |
| 189 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 190 | "Failed to open SQLite database %s", |
| 191 | SERVER_DB); |
| 192 | return -1; |
| 193 | } |
| 194 | |
| 195 | if (strcmp(serial, "1046") == 0) { |
| 196 | remediation = "machine"; |
Jouni Malinen | 2508a59 | 2019-01-23 01:07:08 +0200 | [diff] [blame] | 197 | cert = "3786eb9ef44778fe8048f9fa6f8c3e611f2dbdd15f239fa93edcc417debefa5a"; |
| 198 | subrem = "homeoi"; |
Jouni Malinen | bbe959f | 2018-12-03 23:28:07 +0200 | [diff] [blame] | 199 | } else if (strcmp(serial, "1047") == 0) { |
| 200 | remediation = "user"; |
Jouni Malinen | 2508a59 | 2019-01-23 01:07:08 +0200 | [diff] [blame] | 201 | cert = "55cd0af162f2fb6de5b9481e37a0b0887f42e477ab09586b0c10f24b269b893f"; |
Jouni Malinen | bbe959f | 2018-12-03 23:28:07 +0200 | [diff] [blame] | 202 | } else { |
| 203 | sigma_dut_print(dut, DUT_MSG_INFO, |
| 204 | "Unsupported serial number '%s'", serial); |
| 205 | goto fail; |
| 206 | } |
| 207 | |
Jouni Malinen | 2508a59 | 2019-01-23 01:07:08 +0200 | [diff] [blame] | 208 | sql = sqlite3_mprintf("INSERT OR REPLACE INTO users(identity,realm,methods,phase2,machine_managed,remediation,fetch_pps,osu_user,osu_password,policy,cert,subrem) VALUES (%Q,%Q,%Q,%d,%d,%Q,%d,%Q,%Q,%Q,%Q,%Q)", |
Jouni Malinen | bbe959f | 2018-12-03 23:28:07 +0200 | [diff] [blame] | 209 | user, realm, methods, |
| 210 | phase2, machine_managed, remediation, fetch_pps, |
Jouni Malinen | 2508a59 | 2019-01-23 01:07:08 +0200 | [diff] [blame] | 211 | osu_user, osu_password, policy, cert, subrem); |
Jouni Malinen | bbe959f | 2018-12-03 23:28:07 +0200 | [diff] [blame] | 212 | |
| 213 | if (!sql) |
| 214 | goto fail; |
| 215 | |
| 216 | sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql); |
| 217 | |
| 218 | if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) { |
| 219 | sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s", |
| 220 | sqlite3_errmsg(db)); |
| 221 | } else { |
| 222 | res = 0; |
| 223 | } |
| 224 | |
| 225 | sqlite3_free(sql); |
| 226 | |
| 227 | fail: |
| 228 | sqlite3_close(db); |
| 229 | |
| 230 | return res; |
| 231 | } |
| 232 | |
| 233 | |
Jouni Malinen | 05630ab | 2018-09-15 02:59:58 +0300 | [diff] [blame] | 234 | static int server_reset_cert_enroll(struct sigma_dut *dut, const char *addr) |
| 235 | { |
| 236 | sqlite3 *db; |
| 237 | char *sql; |
| 238 | |
| 239 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 240 | "Reset certificate enrollment status for %s", addr); |
| 241 | |
| 242 | if (sqlite3_open(SERVER_DB, &db)) { |
| 243 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 244 | "Failed to open SQLite database %s", |
| 245 | SERVER_DB); |
| 246 | return -1; |
| 247 | } |
Jouni Malinen | e2817ad | 2022-05-16 20:23:45 +0300 | [diff] [blame] | 248 | |
| 249 | if (strcasecmp(addr, "any") == 0) |
| 250 | sql = sqlite3_mprintf("DELETE FROM cert_enroll"); |
| 251 | else |
| 252 | sql = sqlite3_mprintf("DELETE FROM cert_enroll WHERE mac_addr=%Q", |
| 253 | addr); |
Jouni Malinen | 05630ab | 2018-09-15 02:59:58 +0300 | [diff] [blame] | 254 | if (!sql) { |
| 255 | sqlite3_close(db); |
| 256 | return -1; |
| 257 | } |
| 258 | sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql); |
| 259 | |
| 260 | if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) { |
| 261 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 262 | "SQL operation failed: %s", |
| 263 | sqlite3_errmsg(db)); |
| 264 | sqlite3_free(sql); |
| 265 | sqlite3_close(db); |
| 266 | return -1; |
| 267 | } |
| 268 | |
| 269 | sqlite3_free(sql); |
| 270 | sqlite3_close(db); |
| 271 | |
| 272 | return 0; |
| 273 | } |
| 274 | |
| 275 | |
Jouni Malinen | 4ec26fe | 2018-12-16 17:43:25 +0200 | [diff] [blame] | 276 | static int server_reset_imsi(struct sigma_dut *dut, const char *imsi) |
| 277 | { |
| 278 | sqlite3 *db; |
| 279 | char *sql; |
| 280 | |
| 281 | sigma_dut_print(dut, DUT_MSG_DEBUG, "Reset policy provisioning for %s", |
| 282 | imsi); |
| 283 | |
| 284 | if (sqlite3_open(SERVER_DB, &db)) { |
| 285 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 286 | "Failed to open SQLite database %s", |
| 287 | SERVER_DB); |
| 288 | return -1; |
| 289 | } |
| 290 | sql = sqlite3_mprintf("DELETE FROM users WHERE identity=%Q", imsi); |
| 291 | if (!sql) { |
| 292 | sqlite3_close(db); |
| 293 | return -1; |
| 294 | } |
| 295 | sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql); |
| 296 | |
| 297 | if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) { |
| 298 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 299 | "SQL operation failed: %s", |
| 300 | sqlite3_errmsg(db)); |
| 301 | sqlite3_free(sql); |
| 302 | sqlite3_close(db); |
| 303 | return -1; |
| 304 | } |
| 305 | |
| 306 | sqlite3_free(sql); |
| 307 | sqlite3_close(db); |
| 308 | |
| 309 | return 0; |
| 310 | } |
| 311 | |
| 312 | |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 313 | static enum sigma_cmd_result cmd_server_reset_default(struct sigma_dut *dut, |
| 314 | struct sigma_conn *conn, |
| 315 | struct sigma_cmd *cmd) |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 316 | { |
| 317 | const char *var; |
Jouni Malinen | 94d7b12 | 2018-09-04 13:16:41 +0300 | [diff] [blame] | 318 | enum sigma_program prog; |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 319 | |
| 320 | var = get_param(cmd, "Program"); |
Jouni Malinen | 94d7b12 | 2018-09-04 13:16:41 +0300 | [diff] [blame] | 321 | if (!var) { |
| 322 | send_resp(dut, conn, SIGMA_ERROR, |
| 323 | "errorCode,Missing program parameter"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 324 | return STATUS_SENT; |
Jouni Malinen | 94d7b12 | 2018-09-04 13:16:41 +0300 | [diff] [blame] | 325 | } |
| 326 | |
| 327 | prog = sigma_program_to_enum(var); |
Jouni Malinen | 409fc12 | 2022-09-29 18:54:09 +0300 | [diff] [blame] | 328 | if (!is_passpoint_r2_or_newer(prog)) { |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 329 | send_resp(dut, conn, SIGMA_ERROR, |
| 330 | "errorCode,Unsupported program"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 331 | return STATUS_SENT; |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 332 | } |
| 333 | |
| 334 | var = get_param(cmd, "UserName"); |
Jouni Malinen | 3b17d53 | 2018-09-04 19:10:58 +0300 | [diff] [blame] | 335 | if (var && server_reset_user(dut, var) < 0) { |
| 336 | send_resp(dut, conn, SIGMA_ERROR, |
| 337 | "errorCode,Failed to reset user account to defaults"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 338 | return STATUS_SENT; |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 339 | } |
| 340 | |
| 341 | var = get_param(cmd, "SerialNo"); |
Jouni Malinen | bbe959f | 2018-12-03 23:28:07 +0200 | [diff] [blame] | 342 | if (var && server_reset_serial(dut, var)) { |
| 343 | send_resp(dut, conn, SIGMA_ERROR, |
| 344 | "errorCode,Failed to reset user account to defaults"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 345 | return STATUS_SENT; |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 346 | } |
| 347 | |
Jouni Malinen | 05630ab | 2018-09-15 02:59:58 +0300 | [diff] [blame] | 348 | var = get_param(cmd, "ClientMACAddr"); |
| 349 | if (var && server_reset_cert_enroll(dut, var) < 0) { |
| 350 | send_resp(dut, conn, SIGMA_ERROR, |
| 351 | "errorCode,Failed to reset cert enroll to defaults"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 352 | return STATUS_SENT; |
Jouni Malinen | 05630ab | 2018-09-15 02:59:58 +0300 | [diff] [blame] | 353 | } |
| 354 | |
Jouni Malinen | 4ec26fe | 2018-12-16 17:43:25 +0200 | [diff] [blame] | 355 | var = get_param(cmd, "imsi_val"); |
| 356 | if (var && server_reset_imsi(dut, var) < 0) { |
| 357 | send_resp(dut, conn, SIGMA_ERROR, |
| 358 | "errorCode,Failed to reset IMSI/SIM user"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 359 | return STATUS_SENT; |
Jouni Malinen | 4ec26fe | 2018-12-16 17:43:25 +0200 | [diff] [blame] | 360 | } |
| 361 | |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 362 | return SUCCESS_SEND_STATUS; |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 363 | } |
| 364 | |
| 365 | |
Jouni Malinen | 0f1614b | 2018-09-11 04:40:20 +0300 | [diff] [blame] | 366 | static int get_last_msk_cb(void *ctx, int argc, char *argv[], char *col[]) |
| 367 | { |
| 368 | char **last_msk = ctx; |
| 369 | |
| 370 | if (argc < 1 || !argv[0]) |
| 371 | return 0; |
| 372 | |
| 373 | free(*last_msk); |
| 374 | *last_msk = strdup(argv[0]); |
| 375 | |
| 376 | return 0; |
| 377 | } |
| 378 | |
| 379 | |
| 380 | static char * get_last_msk(struct sigma_dut *dut, sqlite3 *db, |
| 381 | const char *username) |
| 382 | { |
| 383 | char *sql, *last_msk = NULL; |
| 384 | |
| 385 | sql = sqlite3_mprintf("SELECT last_msk FROM users WHERE identity=%Q", |
| 386 | username); |
| 387 | if (!sql) |
| 388 | return NULL; |
| 389 | |
| 390 | if (sqlite3_exec(db, sql, get_last_msk_cb, &last_msk, NULL) != |
| 391 | SQLITE_OK) { |
| 392 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 393 | "SQL operation to fetch last_msk failed: %s", |
| 394 | sqlite3_errmsg(db)); |
| 395 | sqlite3_free(sql); |
| 396 | return NULL; |
| 397 | } |
| 398 | |
| 399 | sqlite3_free(sql); |
| 400 | |
| 401 | return last_msk; |
| 402 | } |
| 403 | |
| 404 | |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 405 | static enum sigma_cmd_result |
| 406 | aaa_auth_status(struct sigma_dut *dut, struct sigma_conn *conn, |
| 407 | struct sigma_cmd *cmd, const char *username, int timeout) |
Jouni Malinen | 0f1614b | 2018-09-11 04:40:20 +0300 | [diff] [blame] | 408 | { |
| 409 | sqlite3 *db; |
| 410 | char *sql = NULL; |
| 411 | int i; |
| 412 | char resp[500]; |
| 413 | |
| 414 | if (sqlite3_open(SERVER_DB, &db)) { |
| 415 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 416 | "Failed to open SQLite database %s", |
| 417 | SERVER_DB); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 418 | return INVALID_SEND_STATUS; |
Jouni Malinen | 0f1614b | 2018-09-11 04:40:20 +0300 | [diff] [blame] | 419 | } |
| 420 | |
| 421 | sql = sqlite3_mprintf("UPDATE users SET last_msk=NULL WHERE identity=%Q", |
| 422 | username); |
| 423 | if (!sql) { |
| 424 | sqlite3_close(db); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 425 | return ERROR_SEND_STATUS; |
Jouni Malinen | 0f1614b | 2018-09-11 04:40:20 +0300 | [diff] [blame] | 426 | } |
| 427 | |
| 428 | if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) { |
| 429 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 430 | "SQL operation to clear last_msk failed: %s", |
| 431 | sqlite3_errmsg(db)); |
| 432 | sqlite3_free(sql); |
| 433 | sqlite3_close(db); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 434 | return ERROR_SEND_STATUS; |
Jouni Malinen | 0f1614b | 2018-09-11 04:40:20 +0300 | [diff] [blame] | 435 | } |
| 436 | |
| 437 | sqlite3_free(sql); |
| 438 | |
Jouni Malinen | 89dfb22 | 2018-10-07 16:51:39 +0300 | [diff] [blame] | 439 | if (sqlite3_changes(db) < 1) { |
| 440 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 441 | "No DB rows modified (specified user not found)"); |
| 442 | sqlite3_close(db); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 443 | return ERROR_SEND_STATUS; |
Jouni Malinen | 89dfb22 | 2018-10-07 16:51:39 +0300 | [diff] [blame] | 444 | } |
| 445 | |
Jouni Malinen | 0f1614b | 2018-09-11 04:40:20 +0300 | [diff] [blame] | 446 | snprintf(resp, sizeof(resp), "AuthStatus,TIMEOUT,MSK,NULL"); |
| 447 | |
| 448 | for (i = 0; i < timeout; i++) { |
| 449 | char *last_msk; |
| 450 | |
| 451 | last_msk = get_last_msk(dut, db, username); |
| 452 | if (last_msk) { |
| 453 | if (strcmp(last_msk, "FAIL") == 0) { |
| 454 | snprintf(resp, sizeof(resp), |
| 455 | "AuthStatus,FAIL,MSK,NULL"); |
| 456 | } else { |
| 457 | snprintf(resp, sizeof(resp), |
| 458 | "AuthStatus,SUCCESS,MSK,%s", last_msk); |
| 459 | } |
| 460 | free(last_msk); |
| 461 | break; |
| 462 | } |
| 463 | sleep(1); |
| 464 | } |
| 465 | |
| 466 | sqlite3_close(db); |
| 467 | |
| 468 | send_resp(dut, conn, SIGMA_COMPLETE, resp); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 469 | return STATUS_SENT; |
Jouni Malinen | 0f1614b | 2018-09-11 04:40:20 +0300 | [diff] [blame] | 470 | } |
| 471 | |
| 472 | |
Jouni Malinen | 05630ab | 2018-09-15 02:59:58 +0300 | [diff] [blame] | 473 | static int get_last_serial_cb(void *ctx, int argc, char *argv[], char *col[]) |
| 474 | { |
| 475 | char **last_serial = ctx; |
| 476 | |
| 477 | if (argc < 1 || !argv[0]) |
| 478 | return 0; |
| 479 | |
| 480 | free(*last_serial); |
| 481 | *last_serial = strdup(argv[0]); |
| 482 | |
| 483 | return 0; |
| 484 | } |
| 485 | |
| 486 | |
| 487 | static char * get_last_serial(struct sigma_dut *dut, sqlite3 *db, |
| 488 | const char *addr) |
| 489 | { |
| 490 | char *sql, *last_serial = NULL; |
| 491 | |
Jouni Malinen | e2817ad | 2022-05-16 20:23:45 +0300 | [diff] [blame] | 492 | if (!addr || strcasecmp(addr, "any") == 0) |
| 493 | sql = sqlite3_mprintf("SELECT serialnum FROM cert_enroll"); |
| 494 | else |
| 495 | sql = sqlite3_mprintf("SELECT serialnum FROM cert_enroll WHERE mac_addr=%Q", |
| 496 | addr); |
Jouni Malinen | 05630ab | 2018-09-15 02:59:58 +0300 | [diff] [blame] | 497 | if (!sql) |
| 498 | return NULL; |
| 499 | sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql); |
| 500 | |
| 501 | if (sqlite3_exec(db, sql, get_last_serial_cb, &last_serial, NULL) != |
| 502 | SQLITE_OK) { |
| 503 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 504 | "SQL operation to fetch last_serial failed: %s", |
| 505 | sqlite3_errmsg(db)); |
| 506 | sqlite3_free(sql); |
| 507 | return NULL; |
| 508 | } |
| 509 | |
| 510 | sqlite3_free(sql); |
| 511 | |
| 512 | return last_serial; |
| 513 | } |
| 514 | |
| 515 | |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 516 | static enum sigma_cmd_result |
| 517 | osu_cert_enroll_status(struct sigma_dut *dut, struct sigma_conn *conn, |
| 518 | struct sigma_cmd *cmd, const char *addr, int timeout) |
Jouni Malinen | 05630ab | 2018-09-15 02:59:58 +0300 | [diff] [blame] | 519 | { |
| 520 | sqlite3 *db; |
| 521 | int i; |
| 522 | char resp[500]; |
| 523 | |
| 524 | if (sqlite3_open(SERVER_DB, &db)) { |
| 525 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 526 | "Failed to open SQLite database %s", |
| 527 | SERVER_DB); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 528 | return INVALID_SEND_STATUS; |
Jouni Malinen | 05630ab | 2018-09-15 02:59:58 +0300 | [diff] [blame] | 529 | } |
| 530 | |
| 531 | snprintf(resp, sizeof(resp), "OSUStatus,TIMEOUT"); |
| 532 | |
| 533 | for (i = 0; i < timeout; i++) { |
| 534 | char *last_serial; |
| 535 | |
| 536 | last_serial = get_last_serial(dut, db, addr); |
| 537 | if (last_serial) { |
| 538 | if (strcmp(last_serial, "FAIL") == 0) { |
| 539 | snprintf(resp, sizeof(resp), |
| 540 | "OSUStatus,FAIL"); |
| 541 | } else if (strlen(last_serial) > 0) { |
| 542 | snprintf(resp, sizeof(resp), |
| 543 | "OSUStatus,SUCCESS,SerialNo,%s", |
| 544 | last_serial); |
| 545 | } |
| 546 | free(last_serial); |
| 547 | break; |
| 548 | } |
| 549 | sleep(1); |
| 550 | } |
| 551 | |
| 552 | sqlite3_close(db); |
| 553 | |
| 554 | send_resp(dut, conn, SIGMA_COMPLETE, resp); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 555 | return STATUS_SENT; |
Jouni Malinen | 05630ab | 2018-09-15 02:59:58 +0300 | [diff] [blame] | 556 | } |
| 557 | |
| 558 | |
Jouni Malinen | 4ea3acb | 2018-10-08 13:06:30 +0300 | [diff] [blame] | 559 | static int get_user_field_cb(void *ctx, int argc, char *argv[], char *col[]) |
| 560 | { |
| 561 | char **val = ctx; |
| 562 | |
| 563 | if (argc < 1 || !argv[0]) |
| 564 | return 0; |
| 565 | |
| 566 | free(*val); |
| 567 | *val = strdup(argv[0]); |
| 568 | |
| 569 | return 0; |
| 570 | } |
| 571 | |
| 572 | |
Jouni Malinen | de664c3 | 2018-10-15 11:02:07 +0300 | [diff] [blame] | 573 | static char * get_user_field_helper(struct sigma_dut *dut, sqlite3 *db, |
| 574 | const char *id_field, |
| 575 | const char *identity, const char *field) |
Jouni Malinen | 4ea3acb | 2018-10-08 13:06:30 +0300 | [diff] [blame] | 576 | { |
| 577 | char *sql, *val = NULL; |
| 578 | |
Jouni Malinen | de664c3 | 2018-10-15 11:02:07 +0300 | [diff] [blame] | 579 | sql = sqlite3_mprintf("SELECT %s FROM users WHERE %s=%Q", |
| 580 | field, id_field, identity); |
Jouni Malinen | 4ea3acb | 2018-10-08 13:06:30 +0300 | [diff] [blame] | 581 | if (!sql) |
| 582 | return NULL; |
| 583 | sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql); |
| 584 | |
| 585 | if (sqlite3_exec(db, sql, get_user_field_cb, &val, NULL) != SQLITE_OK) { |
| 586 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 587 | "SQL operation to fetch user field failed: %s", |
| 588 | sqlite3_errmsg(db)); |
| 589 | sqlite3_free(sql); |
| 590 | return NULL; |
| 591 | } |
| 592 | |
| 593 | sqlite3_free(sql); |
| 594 | |
| 595 | return val; |
| 596 | } |
| 597 | |
| 598 | |
Jouni Malinen | de664c3 | 2018-10-15 11:02:07 +0300 | [diff] [blame] | 599 | static char * get_user_field(struct sigma_dut *dut, sqlite3 *db, |
| 600 | const char *identity, const char *field) |
| 601 | { |
| 602 | return get_user_field_helper(dut, db, "identity", identity, field); |
| 603 | } |
| 604 | |
| 605 | |
| 606 | static char * get_user_dmacc_field(struct sigma_dut *dut, sqlite3 *db, |
| 607 | const char *identity, const char *field) |
| 608 | { |
| 609 | return get_user_field_helper(dut, db, "osu_user", identity, field); |
| 610 | } |
| 611 | |
| 612 | |
Jouni Malinen | 33f2acf | 2019-01-10 00:46:00 +0200 | [diff] [blame] | 613 | static int get_eventlog_new_serialno_cb(void *ctx, int argc, char *argv[], |
| 614 | char *col[]) |
| 615 | { |
| 616 | char **serialno = ctx; |
| 617 | char *val; |
| 618 | |
| 619 | if (argc < 1 || !argv[0]) |
| 620 | return 0; |
| 621 | |
| 622 | val = argv[0]; |
| 623 | if (strncmp(val, "renamed user to: cert-", 22) != 0) |
| 624 | return 0; |
| 625 | val += 22; |
| 626 | free(*serialno); |
| 627 | *serialno = strdup(val); |
| 628 | |
| 629 | return 0; |
| 630 | } |
| 631 | |
| 632 | |
| 633 | static char * get_eventlog_new_serialno(struct sigma_dut *dut, sqlite3 *db, |
| 634 | const char *username) |
| 635 | { |
| 636 | char *sql, *serial = NULL; |
| 637 | |
| 638 | sql = sqlite3_mprintf("SELECT notes FROM eventlog WHERE user=%Q AND notes LIKE %Q", |
| 639 | username, "renamed user to:%"); |
| 640 | if (!sql) |
| 641 | return NULL; |
| 642 | |
| 643 | if (sqlite3_exec(db, sql, get_eventlog_new_serialno_cb, &serial, |
| 644 | NULL) != SQLITE_OK) { |
| 645 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 646 | "SQL operation to fetch new serialno failed: %s", |
| 647 | sqlite3_errmsg(db)); |
| 648 | sqlite3_free(sql); |
| 649 | return NULL; |
| 650 | } |
| 651 | |
| 652 | sqlite3_free(sql); |
| 653 | |
| 654 | return serial; |
| 655 | } |
| 656 | |
| 657 | |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 658 | static enum sigma_cmd_result |
| 659 | osu_remediation_status(struct sigma_dut *dut, struct sigma_conn *conn, |
| 660 | int timeout, const char *username, const char *serialno) |
Jouni Malinen | 4ea3acb | 2018-10-08 13:06:30 +0300 | [diff] [blame] | 661 | { |
| 662 | sqlite3 *db; |
| 663 | int i; |
| 664 | char resp[500]; |
| 665 | char name[100]; |
| 666 | char *remediation = NULL; |
Jouni Malinen | de664c3 | 2018-10-15 11:02:07 +0300 | [diff] [blame] | 667 | int dmacc = 0; |
Jouni Malinen | 4ea3acb | 2018-10-08 13:06:30 +0300 | [diff] [blame] | 668 | |
| 669 | if (!username && !serialno) |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 670 | return INVALID_SEND_STATUS; |
Jouni Malinen | 4ea3acb | 2018-10-08 13:06:30 +0300 | [diff] [blame] | 671 | if (!username) { |
| 672 | snprintf(name, sizeof(name), "cert-%s", serialno); |
| 673 | username = name; |
| 674 | } |
| 675 | |
| 676 | if (sqlite3_open(SERVER_DB, &db)) { |
| 677 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 678 | "Failed to open SQLite database %s", |
| 679 | SERVER_DB); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 680 | return ERROR_SEND_STATUS; |
Jouni Malinen | 4ea3acb | 2018-10-08 13:06:30 +0300 | [diff] [blame] | 681 | } |
| 682 | |
| 683 | remediation = get_user_field(dut, db, username, "remediation"); |
| 684 | if (!remediation) { |
Jouni Malinen | de664c3 | 2018-10-15 11:02:07 +0300 | [diff] [blame] | 685 | remediation = get_user_dmacc_field(dut, db, username, |
| 686 | "remediation"); |
| 687 | dmacc = 1; |
| 688 | } |
| 689 | if (!remediation) { |
Jouni Malinen | 4ea3acb | 2018-10-08 13:06:30 +0300 | [diff] [blame] | 690 | snprintf(resp, sizeof(resp), |
| 691 | "RemediationStatus,User entry not found"); |
| 692 | goto done; |
| 693 | } |
| 694 | if (remediation[0] == '\0') { |
| 695 | snprintf(resp, sizeof(resp), |
| 696 | "RemediationStatus,User was not configured to need remediation"); |
| 697 | goto done; |
| 698 | } |
| 699 | |
| 700 | snprintf(resp, sizeof(resp), "RemediationStatus,TIMEOUT"); |
| 701 | |
| 702 | for (i = 0; i < timeout; i++) { |
| 703 | sleep(1); |
| 704 | free(remediation); |
Jouni Malinen | de664c3 | 2018-10-15 11:02:07 +0300 | [diff] [blame] | 705 | if (dmacc) |
| 706 | remediation = get_user_dmacc_field(dut, db, username, |
| 707 | "remediation"); |
| 708 | else |
| 709 | remediation = get_user_field(dut, db, username, |
| 710 | "remediation"); |
Jouni Malinen | 33f2acf | 2019-01-10 00:46:00 +0200 | [diff] [blame] | 711 | if (!remediation && serialno) { |
| 712 | char *new_serial; |
| 713 | |
| 714 | /* Certificate reenrollment through subscription |
| 715 | * remediation - fetch the new serial number */ |
| 716 | new_serial = get_eventlog_new_serialno(dut, db, |
| 717 | username); |
| 718 | if (!new_serial) { |
| 719 | /* New SerialNo not known?! */ |
| 720 | snprintf(resp, sizeof(resp), |
| 721 | "RemediationStatus,Remediation Complete,SerialNo,Unknown"); |
| 722 | break; |
| 723 | } |
| 724 | snprintf(resp, sizeof(resp), |
| 725 | "RemediationStatus,Remediation Complete,SerialNo,%s", |
| 726 | new_serial); |
| 727 | free(new_serial); |
| 728 | break; |
| 729 | } else if (remediation && remediation[0] == '\0') { |
Jouni Malinen | 4ea3acb | 2018-10-08 13:06:30 +0300 | [diff] [blame] | 730 | snprintf(resp, sizeof(resp), |
| 731 | "RemediationStatus,Remediation Complete"); |
| 732 | break; |
| 733 | } |
| 734 | } |
| 735 | |
| 736 | done: |
| 737 | free(remediation); |
| 738 | sqlite3_close(db); |
| 739 | |
| 740 | send_resp(dut, conn, SIGMA_COMPLETE, resp); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 741 | return STATUS_SENT; |
Jouni Malinen | 4ea3acb | 2018-10-08 13:06:30 +0300 | [diff] [blame] | 742 | } |
| 743 | |
| 744 | |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 745 | static enum sigma_cmd_result |
| 746 | osu_polupd_status(struct sigma_dut *dut, struct sigma_conn *conn, int timeout, |
| 747 | const char *username, const char *serialno) |
Jouni Malinen | e926583 | 2018-10-19 18:59:58 +0300 | [diff] [blame] | 748 | { |
| 749 | sqlite3 *db; |
| 750 | char *sql; |
| 751 | int i; |
| 752 | char resp[500]; |
| 753 | char name[100]; |
| 754 | char *policy = NULL; |
| 755 | int dmacc = 0; |
| 756 | |
| 757 | if (!username && !serialno) |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 758 | return INVALID_SEND_STATUS; |
Jouni Malinen | e926583 | 2018-10-19 18:59:58 +0300 | [diff] [blame] | 759 | if (!username) { |
| 760 | snprintf(name, sizeof(name), "cert-%s", serialno); |
| 761 | username = name; |
| 762 | } |
| 763 | |
| 764 | if (sqlite3_open(SERVER_DB, &db)) { |
| 765 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 766 | "Failed to open SQLite database %s", |
| 767 | SERVER_DB); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 768 | return ERROR_SEND_STATUS; |
Jouni Malinen | e926583 | 2018-10-19 18:59:58 +0300 | [diff] [blame] | 769 | } |
| 770 | |
| 771 | policy = get_user_field(dut, db, username, "policy"); |
| 772 | if (!policy) { |
| 773 | policy = get_user_dmacc_field(dut, db, username, "policy"); |
| 774 | dmacc = 1; |
| 775 | } |
| 776 | if (!policy) { |
| 777 | snprintf(resp, sizeof(resp), |
| 778 | "PolicyUpdateStatus,User entry not found"); |
| 779 | goto done; |
| 780 | } |
| 781 | if (policy[0] == '\0') { |
| 782 | snprintf(resp, sizeof(resp), |
| 783 | "PolicyUpdateStatus,User was not configured to need policy update"); |
| 784 | goto done; |
| 785 | } |
| 786 | |
| 787 | sql = sqlite3_mprintf("UPDATE users SET polupd_done=0 WHERE %s=%Q", |
| 788 | (dmacc ? "osu_user" : "identity"), |
| 789 | username); |
| 790 | if (!sql) { |
| 791 | snprintf(resp, sizeof(resp), |
| 792 | "PolicyUpdateStatus,Internal error"); |
| 793 | goto done; |
| 794 | } |
| 795 | sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql); |
| 796 | if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) { |
| 797 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 798 | "SQL operation to fetch user field failed: %s", |
| 799 | sqlite3_errmsg(db)); |
| 800 | sqlite3_free(sql); |
| 801 | goto done; |
| 802 | } |
| 803 | sqlite3_free(sql); |
| 804 | |
| 805 | snprintf(resp, sizeof(resp), "PolicyUpdateStatus,TIMEOUT"); |
| 806 | |
| 807 | for (i = 0; i < timeout; i++) { |
| 808 | sleep(1); |
| 809 | free(policy); |
| 810 | if (dmacc) |
| 811 | policy = get_user_dmacc_field(dut, db, username, |
| 812 | "polupd_done"); |
| 813 | else |
| 814 | policy = get_user_field(dut, db, username, |
| 815 | "polupd_done"); |
| 816 | if (policy && atoi(policy)) { |
| 817 | snprintf(resp, sizeof(resp), |
| 818 | "PolicyUpdateStatus,UpdateComplete"); |
| 819 | break; |
| 820 | } |
| 821 | } |
| 822 | |
| 823 | done: |
| 824 | free(policy); |
| 825 | sqlite3_close(db); |
| 826 | |
| 827 | send_resp(dut, conn, SIGMA_COMPLETE, resp); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 828 | return STATUS_SENT; |
Jouni Malinen | e926583 | 2018-10-19 18:59:58 +0300 | [diff] [blame] | 829 | } |
| 830 | |
| 831 | |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 832 | static enum sigma_cmd_result |
| 833 | osu_sim_policy_provisioning_status(struct sigma_dut *dut, |
| 834 | struct sigma_conn *conn, |
| 835 | const char *imsi, int timeout) |
Jouni Malinen | 7116cd4 | 2018-12-16 17:51:11 +0200 | [diff] [blame] | 836 | { |
| 837 | sqlite3 *db; |
| 838 | int i; |
| 839 | char resp[500]; |
| 840 | char *id = NULL; |
| 841 | |
| 842 | if (sqlite3_open(SERVER_DB, &db)) { |
| 843 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 844 | "Failed to open SQLite database %s", |
| 845 | SERVER_DB); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 846 | return INVALID_SEND_STATUS; |
Jouni Malinen | 7116cd4 | 2018-12-16 17:51:11 +0200 | [diff] [blame] | 847 | } |
| 848 | |
| 849 | snprintf(resp, sizeof(resp), "PolicyProvisioning,TIMEOUT"); |
| 850 | |
| 851 | for (i = 0; i < timeout; i++) { |
| 852 | free(id); |
| 853 | id = get_user_field(dut, db, imsi, "identity"); |
| 854 | if (id) { |
| 855 | snprintf(resp, sizeof(resp), |
| 856 | "PolicyProvisioning,Provisioning Complete"); |
| 857 | break; |
| 858 | } |
| 859 | sleep(1); |
| 860 | } |
| 861 | |
| 862 | free(id); |
| 863 | sqlite3_close(db); |
| 864 | |
| 865 | send_resp(dut, conn, SIGMA_COMPLETE, resp); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 866 | return STATUS_SENT; |
Jouni Malinen | 7116cd4 | 2018-12-16 17:51:11 +0200 | [diff] [blame] | 867 | } |
| 868 | |
| 869 | |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 870 | static enum sigma_cmd_result cmd_server_request_status(struct sigma_dut *dut, |
| 871 | struct sigma_conn *conn, |
| 872 | struct sigma_cmd *cmd) |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 873 | { |
| 874 | const char *var, *username, *serialno, *imsi, *addr, *status; |
| 875 | int osu, timeout; |
| 876 | char resp[500]; |
Jouni Malinen | 0f1614b | 2018-09-11 04:40:20 +0300 | [diff] [blame] | 877 | enum sigma_program prog; |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 878 | |
| 879 | var = get_param(cmd, "Program"); |
Jouni Malinen | 0f1614b | 2018-09-11 04:40:20 +0300 | [diff] [blame] | 880 | if (!var) { |
| 881 | send_resp(dut, conn, SIGMA_ERROR, |
| 882 | "errorCode,Missing program parameter"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 883 | return STATUS_SENT; |
Jouni Malinen | 0f1614b | 2018-09-11 04:40:20 +0300 | [diff] [blame] | 884 | } |
| 885 | |
| 886 | prog = sigma_program_to_enum(var); |
Jouni Malinen | 409fc12 | 2022-09-29 18:54:09 +0300 | [diff] [blame] | 887 | if (!is_passpoint_r2_or_newer(prog)) { |
Jouni Malinen | 0b1be63 | 2022-05-16 20:02:13 +0300 | [diff] [blame] | 888 | send_resp(dut, conn, SIGMA_ERROR, |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 889 | "errorCode,Unsupported program"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 890 | return STATUS_SENT; |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 891 | } |
| 892 | |
| 893 | var = get_param(cmd, "Device"); |
| 894 | if (!var || |
| 895 | (strcasecmp(var, "AAAServer") != 0 && |
| 896 | strcasecmp(var, "OSUServer") != 0)) { |
| 897 | send_resp(dut, conn, SIGMA_ERROR, |
| 898 | "errorCode,Unsupported device type"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 899 | return STATUS_SENT; |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 900 | } |
| 901 | osu = strcasecmp(var, "OSUServer") == 0; |
| 902 | |
| 903 | var = get_param(cmd, "Timeout"); |
| 904 | if (!var) { |
| 905 | send_resp(dut, conn, SIGMA_ERROR, |
| 906 | "errorCode,Missing timeout"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 907 | return STATUS_SENT; |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 908 | } |
| 909 | timeout = atoi(var); |
| 910 | sigma_dut_print(dut, DUT_MSG_DEBUG, "timeout: %d", timeout); |
| 911 | |
| 912 | username = get_param(cmd, "UserName"); |
| 913 | if (username) |
| 914 | sigma_dut_print(dut, DUT_MSG_DEBUG, "UserName: %s", username); |
| 915 | serialno = get_param(cmd, "SerialNo"); |
| 916 | if (serialno) |
| 917 | sigma_dut_print(dut, DUT_MSG_DEBUG, "SerialNo: %s", serialno); |
| 918 | imsi = get_param(cmd, "imsi_val"); |
| 919 | if (imsi) |
| 920 | sigma_dut_print(dut, DUT_MSG_DEBUG, "imsi_val: %s", imsi); |
| 921 | addr = get_param(cmd, "ClientMACAddr"); |
| 922 | if (addr) |
| 923 | sigma_dut_print(dut, DUT_MSG_DEBUG, "ClientMACAddr: %s", addr); |
| 924 | status = get_param(cmd, "Status"); |
| 925 | if (status) |
| 926 | sigma_dut_print(dut, DUT_MSG_DEBUG, "Status: %s", status); |
| 927 | |
Jouni Malinen | 4ea3acb | 2018-10-08 13:06:30 +0300 | [diff] [blame] | 928 | if (osu && status && strcasecmp(status, "Remediation") == 0) |
| 929 | return osu_remediation_status(dut, conn, timeout, username, |
| 930 | serialno); |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 931 | |
Jouni Malinen | e926583 | 2018-10-19 18:59:58 +0300 | [diff] [blame] | 932 | if (osu && status && strcasecmp(status, "PolicyUpdate") == 0) |
| 933 | return osu_polupd_status(dut, conn, timeout, username, |
| 934 | serialno); |
| 935 | |
Jouni Malinen | 0f1614b | 2018-09-11 04:40:20 +0300 | [diff] [blame] | 936 | if (!osu && status && strcasecmp(status, "Authentication") == 0 && |
| 937 | username) |
| 938 | return aaa_auth_status(dut, conn, cmd, username, timeout); |
| 939 | |
Jouni Malinen | 89dfb22 | 2018-10-07 16:51:39 +0300 | [diff] [blame] | 940 | if (!osu && status && strcasecmp(status, "Authentication") == 0 && |
| 941 | serialno) { |
| 942 | snprintf(resp, sizeof(resp), "cert-%s", serialno); |
| 943 | return aaa_auth_status(dut, conn, cmd, resp, timeout); |
| 944 | } |
| 945 | |
Jouni Malinen | e2817ad | 2022-05-16 20:23:45 +0300 | [diff] [blame] | 946 | if (osu && status && strcasecmp(status, "OSU") == 0) |
Jouni Malinen | 05630ab | 2018-09-15 02:59:58 +0300 | [diff] [blame] | 947 | return osu_cert_enroll_status(dut, conn, cmd, addr, timeout); |
| 948 | |
Jouni Malinen | 7116cd4 | 2018-12-16 17:51:11 +0200 | [diff] [blame] | 949 | if (osu && status && strcasecmp(status, "PolicyProvisioning") == 0 && |
| 950 | imsi) |
| 951 | return osu_sim_policy_provisioning_status(dut, conn, imsi, |
| 952 | timeout); |
| 953 | |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 954 | return SUCCESS_SEND_STATUS; |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 955 | } |
| 956 | |
| 957 | |
Jouni Malinen | b8b7e7b | 2018-09-26 13:39:42 +0300 | [diff] [blame] | 958 | static int osu_set_cert_reenroll(struct sigma_dut *dut, const char *serial, |
| 959 | int enable) |
| 960 | { |
| 961 | sqlite3 *db; |
| 962 | char *sql; |
| 963 | char id[100]; |
| 964 | int ret = -1; |
| 965 | |
| 966 | if (sqlite3_open(SERVER_DB, &db)) { |
| 967 | sigma_dut_print(dut, DUT_MSG_ERROR, |
| 968 | "Failed to open SQLite database %s", |
| 969 | SERVER_DB); |
| 970 | return -1; |
| 971 | } |
| 972 | |
| 973 | snprintf(id, sizeof(id), "cert-%s", serial); |
| 974 | sql = sqlite3_mprintf("UPDATE users SET remediation=%Q WHERE lower(identity)=lower(%Q)", |
Jouni Malinen | 959372f | 2018-12-04 13:49:45 +0200 | [diff] [blame] | 975 | enable ? "reenroll" : "", id); |
Jouni Malinen | b8b7e7b | 2018-09-26 13:39:42 +0300 | [diff] [blame] | 976 | if (!sql) |
| 977 | goto fail; |
| 978 | sigma_dut_print(dut, DUT_MSG_DEBUG, "SQL: %s", sql); |
| 979 | if (sqlite3_exec(db, sql, NULL, NULL, NULL) != SQLITE_OK) { |
| 980 | sigma_dut_print(dut, DUT_MSG_ERROR, "SQL operation failed: %s", |
| 981 | sqlite3_errmsg(db)); |
| 982 | goto fail; |
| 983 | } |
| 984 | |
| 985 | if (sqlite3_changes(db) < 1) { |
| 986 | sigma_dut_print(dut, DUT_MSG_ERROR, "No DB rows modified (specified serial number not found)"); |
| 987 | goto fail; |
| 988 | } |
| 989 | |
| 990 | ret = 0; |
| 991 | fail: |
| 992 | sqlite3_close(db); |
| 993 | |
| 994 | return ret; |
| 995 | } |
| 996 | |
| 997 | |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 998 | static enum sigma_cmd_result cmd_server_set_parameter(struct sigma_dut *dut, |
| 999 | struct sigma_conn *conn, |
| 1000 | struct sigma_cmd *cmd) |
Jouni Malinen | ab8c718 | 2018-09-11 02:55:45 +0300 | [diff] [blame] | 1001 | { |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1002 | const char *var, *root_ca, *inter_ca, *osu_cert, *issuing_arch, *name; |
Jouni Malinen | b8b7e7b | 2018-09-26 13:39:42 +0300 | [diff] [blame] | 1003 | const char *reenroll, *serial; |
Jouni Malinen | ab8c718 | 2018-09-11 02:55:45 +0300 | [diff] [blame] | 1004 | int osu, timeout = -1; |
| 1005 | enum sigma_program prog; |
| 1006 | |
| 1007 | var = get_param(cmd, "Program"); |
| 1008 | if (!var) { |
| 1009 | send_resp(dut, conn, SIGMA_ERROR, |
| 1010 | "errorCode,Missing program parameter"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1011 | return STATUS_SENT; |
Jouni Malinen | ab8c718 | 2018-09-11 02:55:45 +0300 | [diff] [blame] | 1012 | } |
| 1013 | |
| 1014 | prog = sigma_program_to_enum(var); |
Jouni Malinen | 409fc12 | 2022-09-29 18:54:09 +0300 | [diff] [blame] | 1015 | if (!is_passpoint_r2_or_newer(prog)) { |
Jouni Malinen | ab8c718 | 2018-09-11 02:55:45 +0300 | [diff] [blame] | 1016 | send_resp(dut, conn, SIGMA_ERROR, |
| 1017 | "errorCode,Unsupported program"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1018 | return STATUS_SENT; |
Jouni Malinen | ab8c718 | 2018-09-11 02:55:45 +0300 | [diff] [blame] | 1019 | } |
| 1020 | |
| 1021 | var = get_param(cmd, "Device"); |
| 1022 | if (!var || |
| 1023 | (strcasecmp(var, "AAAServer") != 0 && |
| 1024 | strcasecmp(var, "OSUServer") != 0)) { |
| 1025 | send_resp(dut, conn, SIGMA_ERROR, |
| 1026 | "errorCode,Unsupported device type"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1027 | return STATUS_SENT; |
Jouni Malinen | ab8c718 | 2018-09-11 02:55:45 +0300 | [diff] [blame] | 1028 | } |
| 1029 | osu = strcasecmp(var, "OSUServer") == 0; |
| 1030 | |
| 1031 | var = get_param(cmd, "Timeout"); |
| 1032 | if (var) |
| 1033 | timeout = atoi(var); |
| 1034 | |
| 1035 | var = get_param(cmd, "ProvisioningProto"); |
| 1036 | if (var && strcasecmp(var, "SOAP") != 0) { |
| 1037 | send_resp(dut, conn, SIGMA_ERROR, |
| 1038 | "errorCode,Unsupported ProvisioningProto"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1039 | return STATUS_SENT; |
Jouni Malinen | ab8c718 | 2018-09-11 02:55:45 +0300 | [diff] [blame] | 1040 | } |
| 1041 | |
Jouni Malinen | b8b7e7b | 2018-09-26 13:39:42 +0300 | [diff] [blame] | 1042 | reenroll = get_param(cmd, "CertReEnroll"); |
| 1043 | serial = get_param(cmd, "SerialNo"); |
| 1044 | if (reenroll && serial) { |
| 1045 | int enable; |
| 1046 | |
| 1047 | if (strcasecmp(reenroll, "Enable") == 0) { |
| 1048 | enable = 1; |
| 1049 | } else if (strcasecmp(reenroll, "Disable") == 0) { |
| 1050 | enable = 0; |
| 1051 | } else { |
| 1052 | send_resp(dut, conn, SIGMA_ERROR, |
| 1053 | "errorCode,Invalid CertReEnroll value"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1054 | return STATUS_SENT; |
Jouni Malinen | b8b7e7b | 2018-09-26 13:39:42 +0300 | [diff] [blame] | 1055 | } |
| 1056 | |
| 1057 | if (osu_set_cert_reenroll(dut, serial, enable) < 0) { |
| 1058 | send_resp(dut, conn, SIGMA_ERROR, |
| 1059 | "errorCode,Failed to update certificate reenrollment state"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1060 | return STATUS_SENT; |
Jouni Malinen | b8b7e7b | 2018-09-26 13:39:42 +0300 | [diff] [blame] | 1061 | } |
| 1062 | } |
| 1063 | |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1064 | name = get_param(cmd, "Name"); |
| 1065 | root_ca = get_param(cmd, "TrustRootCACert"); |
| 1066 | inter_ca = get_param(cmd, "InterCACert"); |
| 1067 | osu_cert = get_param(cmd, "OSUServerCert"); |
| 1068 | issuing_arch = get_param(cmd, "Issuing_Arch"); |
| 1069 | |
Jouni Malinen | ab8c718 | 2018-09-11 02:55:45 +0300 | [diff] [blame] | 1070 | if (timeout > -1) { |
| 1071 | /* TODO */ |
| 1072 | } |
| 1073 | |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1074 | if (osu && name && root_ca && inter_ca && osu_cert && issuing_arch) { |
| 1075 | const char *srv; |
| 1076 | char buf[500]; |
| 1077 | char buf2[500]; |
| 1078 | int col; |
| 1079 | |
| 1080 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1081 | "Update server certificate setup"); |
| 1082 | |
| 1083 | if (strcasecmp(name, "ruckus") == 0) { |
| 1084 | srv = "RKS"; |
| 1085 | } else if (strcasecmp(name, "aruba") == 0) { |
| 1086 | srv = "ARU"; |
| 1087 | } else { |
| 1088 | send_resp(dut, conn, SIGMA_ERROR, |
| 1089 | "errorCode,Unsupported Name value"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1090 | return STATUS_SENT; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1091 | } |
| 1092 | |
| 1093 | if (strcasecmp(issuing_arch, "col2") == 0) { |
| 1094 | col = 2; |
| 1095 | } else if (strcasecmp(issuing_arch, "col4") == 0) { |
| 1096 | col = 4; |
| 1097 | } else { |
| 1098 | send_resp(dut, conn, SIGMA_ERROR, |
| 1099 | "errorCode,Unsupported Issuing_Arch value"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1100 | return STATUS_SENT; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1101 | } |
| 1102 | |
| 1103 | if (strcasecmp(root_ca, "ID-T") == 0) { |
| 1104 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1105 | "OSU trust root: NetworkFX"); |
| 1106 | if (system("cp " CERT_DIR "/IDT-cert-RootCA.pem " |
| 1107 | CERT_DIR "/cacert.pem") < 0) |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1108 | return ERROR_SEND_STATUS; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1109 | } else if (strcasecmp(root_ca, "ID-Y") == 0) { |
| 1110 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1111 | "OSU trust root: NetworkFX"); |
| 1112 | if (system("cp " CERT_DIR "/IDY-cert-RootCA.pem " |
| 1113 | CERT_DIR "/cacert.pem") < 0) |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1114 | return ERROR_SEND_STATUS; |
Jouni Malinen | 2e1ab0f | 2021-10-08 21:17:14 +0300 | [diff] [blame] | 1115 | } else if (strcasecmp(root_ca, "ID-K.1") == 0) { |
| 1116 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1117 | "OSU trust root: Not-trusted"); |
| 1118 | if (system("cp " CERT_DIR "/IDK1-ca.pem " |
| 1119 | CERT_DIR "/cacert.pem") < 0) |
| 1120 | return ERROR_SEND_STATUS; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1121 | } else { |
| 1122 | send_resp(dut, conn, SIGMA_ERROR, |
| 1123 | "errorCode,Unsupported TrustRootCACert value"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1124 | return STATUS_SENT; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1125 | } |
| 1126 | |
| 1127 | if (strcasecmp(inter_ca, "ID-Z.2") == 0) { |
| 1128 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1129 | "OSU intermediate CA: NetworkFX (col2)"); |
| 1130 | if (system("cat " CERT_DIR "/IDZ2-cert-InterCA.pem >> " |
| 1131 | CERT_DIR "/cacert.pem") < 0) |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1132 | return ERROR_SEND_STATUS; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1133 | } else if (strcasecmp(inter_ca, "ID-Z.4") == 0) { |
| 1134 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1135 | "OSU intermediate CA: DigiCert (col2)"); |
| 1136 | if (system("cat " CERT_DIR "/IDZ4-cert-InterCA.pem >> " |
| 1137 | CERT_DIR "/cacert.pem") < 0) |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1138 | return ERROR_SEND_STATUS; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1139 | } else if (strcasecmp(inter_ca, "ID-Z.6") == 0) { |
| 1140 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1141 | "OSU intermediate CA: NetworkFX (col4)"); |
| 1142 | if (system("cat " CERT_DIR "/IDZ6-cert-InterCA.pem >> " |
| 1143 | CERT_DIR "/cacert.pem") < 0) |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1144 | return ERROR_SEND_STATUS; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1145 | } else if (strcasecmp(inter_ca, "ID-Z.8") == 0) { |
| 1146 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1147 | "OSU intermediate CA: DigiCert (col4)"); |
| 1148 | if (system("cat " CERT_DIR "/IDZ8-cert-InterCA.pem >> " |
| 1149 | CERT_DIR "/cacert.pem") < 0) |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1150 | return ERROR_SEND_STATUS; |
Jouni Malinen | 2e1ab0f | 2021-10-08 21:17:14 +0300 | [diff] [blame] | 1151 | } else if (strcasecmp(inter_ca, "ID-K.1") == 0) { |
| 1152 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1153 | "OSU intermediate CA: Not-trusted"); |
| 1154 | if (system("cat " CERT_DIR "/IDK1-IntCA.pem >> " |
| 1155 | CERT_DIR "/cacert.pem") < 0) |
| 1156 | return ERROR_SEND_STATUS; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1157 | } else { |
| 1158 | send_resp(dut, conn, SIGMA_ERROR, |
| 1159 | "errorCode,Unsupported InterCACert value"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1160 | return STATUS_SENT; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1161 | } |
| 1162 | |
| 1163 | if (strcasecmp(osu_cert, "ID-Q") == 0) { |
| 1164 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1165 | "OSU server cert: NetworkFX col%d", |
| 1166 | col); |
| 1167 | snprintf(buf, sizeof(buf), |
| 1168 | "cp " CERT_DIR "/IDQ-cert-c%d-%s.pem " |
| 1169 | CERT_DIR "/server.pem", |
| 1170 | col, srv); |
| 1171 | snprintf(buf2, sizeof(buf2), |
| 1172 | "cp " CERT_DIR "/IDQ-key-%s.pem " |
| 1173 | CERT_DIR "/server.key", srv); |
| 1174 | } else if (strcasecmp(osu_cert, "ID-W") == 0) { |
| 1175 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1176 | "OSU server cert: DigiCert col%d", |
| 1177 | col); |
| 1178 | snprintf(buf, sizeof(buf), |
| 1179 | "cp " CERT_DIR "/IDW-cert-c%d-%s.pem " |
| 1180 | CERT_DIR "/server.pem", |
| 1181 | col, srv); |
| 1182 | snprintf(buf2, sizeof(buf2), |
| 1183 | "cp " CERT_DIR "/IDW-key-%s.pem " |
| 1184 | CERT_DIR "/server.key", srv); |
Jouni Malinen | 2e1ab0f | 2021-10-08 21:17:14 +0300 | [diff] [blame] | 1185 | } else if (strcasecmp(osu_cert, "ID-K.1") == 0) { |
| 1186 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1187 | "OSU server cert: Not-trusted"); |
| 1188 | snprintf(buf, sizeof(buf), |
| 1189 | "cp " CERT_DIR "/IDK1-cert-%s.pem " |
| 1190 | CERT_DIR "/server.pem", |
| 1191 | srv); |
| 1192 | snprintf(buf2, sizeof(buf2), |
| 1193 | "cp " CERT_DIR "/IDK1-key-%s.pem " |
| 1194 | CERT_DIR "/server.key", srv); |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1195 | } else if (strcasecmp(osu_cert, "ID-R.2") == 0) { |
| 1196 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1197 | "OSU server cert: NetworkFX revoked col%d", |
| 1198 | col); |
| 1199 | snprintf(buf, sizeof(buf), |
| 1200 | "cp " CERT_DIR "/IDR2-cert-c%d-%s.pem " |
| 1201 | CERT_DIR "/server.pem", |
| 1202 | col, srv); |
| 1203 | snprintf(buf2, sizeof(buf2), |
| 1204 | "cp " CERT_DIR "/IDR2-key-%s.pem " |
| 1205 | CERT_DIR "/server.key", srv); |
| 1206 | } else if (strcasecmp(osu_cert, "ID-R.4") == 0) { |
| 1207 | sigma_dut_print(dut, DUT_MSG_DEBUG, |
| 1208 | "OSU server cert: DigiCert revoked col%d", |
| 1209 | col); |
| 1210 | snprintf(buf, sizeof(buf), |
| 1211 | "cp " CERT_DIR "/IDR4-cert-c%d-%s.pem " |
| 1212 | CERT_DIR "/server.pem", |
| 1213 | col, srv); |
| 1214 | snprintf(buf2, sizeof(buf2), |
| 1215 | "cp " CERT_DIR "/IDR4-key-%s.pem " |
| 1216 | CERT_DIR "/server.key", srv); |
| 1217 | } else { |
| 1218 | send_resp(dut, conn, SIGMA_ERROR, |
| 1219 | "errorCode,Unsupported OSUServerCert value"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1220 | return STATUS_SENT; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1221 | } |
| 1222 | |
| 1223 | if (system(buf) < 0 || system(buf2) < 0) |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1224 | return ERROR_SEND_STATUS; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1225 | |
| 1226 | if (system("service apache2 reload") < 0) { |
| 1227 | send_resp(dut, conn, SIGMA_ERROR, |
| 1228 | "errorCode,Failed to restart Apache"); |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1229 | return STATUS_SENT; |
Jouni Malinen | 93b170b | 2018-09-15 02:58:27 +0300 | [diff] [blame] | 1230 | } |
Jouni Malinen | ab8c718 | 2018-09-11 02:55:45 +0300 | [diff] [blame] | 1231 | } |
| 1232 | |
| 1233 | /* TODO */ |
Jouni Malinen | fcaeee1 | 2019-02-19 12:27:36 +0200 | [diff] [blame] | 1234 | return SUCCESS_SEND_STATUS; |
Jouni Malinen | ab8c718 | 2018-09-11 02:55:45 +0300 | [diff] [blame] | 1235 | } |
| 1236 | |
| 1237 | |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 1238 | void server_register_cmds(void) |
| 1239 | { |
Jouni Malinen | 72ac93c | 2018-09-04 13:12:59 +0300 | [diff] [blame] | 1240 | sigma_dut_reg_cmd("server_ca_get_version", NULL, |
| 1241 | cmd_server_ca_get_version); |
| 1242 | sigma_dut_reg_cmd("server_get_info", NULL, |
| 1243 | cmd_server_get_info); |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 1244 | sigma_dut_reg_cmd("server_reset_default", NULL, |
| 1245 | cmd_server_reset_default); |
| 1246 | sigma_dut_reg_cmd("server_request_status", NULL, |
| 1247 | cmd_server_request_status); |
Jouni Malinen | ab8c718 | 2018-09-11 02:55:45 +0300 | [diff] [blame] | 1248 | sigma_dut_reg_cmd("server_set_parameter", NULL, |
| 1249 | cmd_server_set_parameter); |
Jouni Malinen | cd4e3c3 | 2015-10-29 12:39:56 +0200 | [diff] [blame] | 1250 | } |