]> git.ipfire.org Git - thirdparty/hostap.git/blob - hs20/client/osu_client.c
projects / thirdparty / hostap.git / blob
? search:


1a4859235d05f224b36c2b2b17b68cccd1f63f9f
[thirdparty/hostap.git] / hs20 / client / osu_client.c
1 /*
2 * Hotspot 2.0 OSU client
3 * Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10 #include <time.h>
11 #include <sys/stat.h>
12
13 #include "common.h"
14 #include "utils/browser.h"
15 #include "utils/base64.h"
16 #include "utils/xml-utils.h"
17 #include "utils/http-utils.h"
18 #include "common/wpa_ctrl.h"
19 #include "common/wpa_helpers.h"
20 #include "eap_common/eap_defs.h"
21 #include "crypto/crypto.h"
22 #include "crypto/sha256.h"
23 #include "osu_client.h"
24
25
26 void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
27 {
28 va_list ap;
29 FILE *f;
30 char buf[500];
31
32 va_start(ap, fmt);
33 vsnprintf(buf, sizeof(buf), fmt, ap);
34 va_end(ap);
35 write_summary(ctx, "%s", buf);
36
37 if (!ctx->result_file)
38 return;
39
40 f = fopen(ctx->result_file, "w");
41 if (f == NULL)
42 return;
43
44 va_start(ap, fmt);
45 vfprintf(f, fmt, ap);
46 va_end(ap);
47 fprintf(f, "\n");
48 fclose(f);
49 }
50
51
52 void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
53 {
54 va_list ap;
55 FILE *f;
56
57 if (!ctx->summary_file)
58 return;
59
60 f = fopen(ctx->summary_file, "a");
61 if (f == NULL)
62 return;
63
64 va_start(ap, fmt);
65 vfprintf(f, fmt, ap);
66 va_end(ap);
67 fprintf(f, "\n");
68 fclose(f);
69 }
70
71
72 void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
73 xml_node_t *node)
74 {
75 char *str = xml_node_to_str(ctx->xml, node);
76 wpa_printf(MSG_DEBUG, "[hs20] %s: '%s'", title, str);
77 free(str);
78 }
79
80
81 static int valid_fqdn(const char *fqdn)
82 {
83 const char *pos;
84
85 /* TODO: could make this more complete.. */
86 if (strchr(fqdn, '.') == 0 || strlen(fqdn) > 255)
87 return 0;
88 for (pos = fqdn; *pos; pos++) {
89 if (*pos >= 'a' && *pos <= 'z')
90 continue;
91 if (*pos >= 'A' && *pos <= 'Z')
92 continue;
93 if (*pos >= '0' && *pos <= '9')
94 continue;
95 if (*pos == '-' || *pos == '.' || *pos == '_')
96 continue;
97 return 0;
98 }
99 return 1;
100 }
101
102
103 int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert)
104 {
105 xml_node_t *node;
106 char *url, *user = NULL, *pw = NULL;
107 char *proto;
108 int ret = -1;
109
110 proto = xml_node_get_attr_value(ctx->xml, getcert,
111 "enrollmentProtocol");
112 if (!proto)
113 return -1;
114 wpa_printf(MSG_INFO, "getCertificate - enrollmentProtocol=%s", proto);
115 write_summary(ctx, "getCertificate - enrollmentProtocol=%s", proto);
116 if (os_strcasecmp(proto, "EST") != 0) {
117 wpa_printf(MSG_INFO, "Unsupported enrollmentProtocol");
118 xml_node_get_attr_value_free(ctx->xml, proto);
119 return -1;
120 }
121 xml_node_get_attr_value_free(ctx->xml, proto);
122
123 node = get_node(ctx->xml, getcert, "enrollmentServerURI");
124 if (node == NULL) {
125 wpa_printf(MSG_INFO, "Could not find enrollmentServerURI node");
126 xml_node_get_attr_value_free(ctx->xml, proto);
127 return -1;
128 }
129 url = xml_node_get_text(ctx->xml, node);
130 if (url == NULL) {
131 wpa_printf(MSG_INFO, "Could not get URL text");
132 return -1;
133 }
134 wpa_printf(MSG_INFO, "enrollmentServerURI: %s", url);
135 write_summary(ctx, "enrollmentServerURI: %s", url);
136
137 node = get_node(ctx->xml, getcert, "estUserID");
138 if (node == NULL && !ctx->client_cert_present) {
139 wpa_printf(MSG_INFO, "Could not find estUserID node");
140 goto fail;
141 }
142 if (node) {
143 user = xml_node_get_text(ctx->xml, node);
144 if (user == NULL) {
145 wpa_printf(MSG_INFO, "Could not get estUserID text");
146 goto fail;
147 }
148 wpa_printf(MSG_INFO, "estUserID: %s", user);
149 write_summary(ctx, "estUserID: %s", user);
150 }
151
152 node = get_node(ctx->xml, getcert, "estPassword");
153 if (node == NULL && !ctx->client_cert_present) {
154 wpa_printf(MSG_INFO, "Could not find estPassword node");
155 goto fail;
156 }
157 if (node) {
158 pw = xml_node_get_base64_text(ctx->xml, node, NULL);
159 if (pw == NULL) {
160 wpa_printf(MSG_INFO, "Could not get estPassword text");
161 goto fail;
162 }
163 wpa_printf(MSG_INFO, "estPassword: %s", pw);
164 }
165
166 mkdir("Cert", S_IRWXU);
167 if (est_load_cacerts(ctx, url) < 0 ||
168 est_build_csr(ctx, url) < 0 ||
169 est_simple_enroll(ctx, url, user, pw) < 0)
170 goto fail;
171
172 ret = 0;
173 fail:
174 xml_node_get_text_free(ctx->xml, url);
175 xml_node_get_text_free(ctx->xml, user);
176 xml_node_get_text_free(ctx->xml, pw);
177
178 return ret;
179 }
180
181
182 static int process_est_cert(struct hs20_osu_client *ctx, xml_node_t *cert,
183 const char *fqdn)
184 {
185 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
186 char *der, *pem;
187 size_t der_len, pem_len;
188 char *fingerprint;
189 char buf[200];
190
191 wpa_printf(MSG_INFO, "PPS for certificate credential - fqdn=%s", fqdn);
192
193 fingerprint = xml_node_get_text(ctx->xml, cert);
194 if (fingerprint == NULL)
195 return -1;
196 if (hexstr2bin(fingerprint, digest1, SHA256_MAC_LEN) < 0) {
197 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
198 write_result(ctx, "Invalid client certificate SHA256 hash value in PPS");
199 xml_node_get_text_free(ctx->xml, fingerprint);
200 return -1;
201 }
202 xml_node_get_text_free(ctx->xml, fingerprint);
203
204 der = os_readfile("Cert/est_cert.der", &der_len);
205 if (der == NULL) {
206 wpa_printf(MSG_INFO, "Could not find client certificate from EST");
207 write_result(ctx, "Could not find client certificate from EST");
208 return -1;
209 }
210
211 if (sha256_vector(1, (const u8 **) &der, &der_len, digest2) < 0) {
212 os_free(der);
213 return -1;
214 }
215 os_free(der);
216
217 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
218 wpa_printf(MSG_INFO, "Client certificate from EST does not match fingerprint from PPS MO");
219 write_result(ctx, "Client certificate from EST does not match fingerprint from PPS MO");
220 return -1;
221 }
222
223 wpa_printf(MSG_INFO, "Client certificate from EST matches PPS MO");
224 unlink("Cert/est_cert.der");
225
226 os_snprintf(buf, sizeof(buf), "SP/%s/client-ca.pem", fqdn);
227 if (rename("Cert/est-cacerts.pem", buf) < 0) {
228 wpa_printf(MSG_INFO, "Could not move est-cacerts.pem to client-ca.pem: %s",
229 strerror(errno));
230 return -1;
231 }
232 pem = os_readfile(buf, &pem_len);
233
234 os_snprintf(buf, sizeof(buf), "SP/%s/client-cert.pem", fqdn);
235 if (rename("Cert/est_cert.pem", buf) < 0) {
236 wpa_printf(MSG_INFO, "Could not move est_cert.pem to client-cert.pem: %s",
237 strerror(errno));
238 os_free(pem);
239 return -1;
240 }
241
242 if (pem) {
243 FILE *f = fopen(buf, "a");
244 if (f) {
245 fwrite(pem, pem_len, 1, f);
246 fclose(f);
247 }
248 os_free(pem);
249 }
250
251 os_snprintf(buf, sizeof(buf), "SP/%s/client-key.pem", fqdn);
252 if (rename("Cert/privkey-plain.pem", buf) < 0) {
253 wpa_printf(MSG_INFO, "Could not move privkey-plain.pem to client-key.pem: %s",
254 strerror(errno));
255 return -1;
256 }
257
258 unlink("Cert/est-req.b64");
259 unlink("Cert/est-req.pem");
260 unlink("Cert/est-resp.raw");
261 rmdir("Cert");
262
263 return 0;
264 }
265
266
267 #define TMP_CERT_DL_FILE "tmp-cert-download"
268
269 static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
270 const char *fname)
271 {
272 xml_node_t *url_node, *hash_node;
273 char *url, *hash;
274 char *cert;
275 size_t len;
276 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
277 int res;
278 unsigned char *b64;
279 FILE *f;
280
281 url_node = get_node(ctx->xml, params, "CertURL");
282 hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint");
283 if (url_node == NULL || hash_node == NULL)
284 return -1;
285 url = xml_node_get_text(ctx->xml, url_node);
286 hash = xml_node_get_text(ctx->xml, hash_node);
287 if (url == NULL || hash == NULL) {
288 xml_node_get_text_free(ctx->xml, url);
289 xml_node_get_text_free(ctx->xml, hash);
290 return -1;
291 }
292
293 wpa_printf(MSG_INFO, "CertURL: %s", url);
294 wpa_printf(MSG_INFO, "SHA256 hash: %s", hash);
295
296 if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) {
297 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
298 write_result(ctx, "Invalid SHA256 hash value for downloaded certificate");
299 xml_node_get_text_free(ctx->xml, hash);
300 return -1;
301 }
302 xml_node_get_text_free(ctx->xml, hash);
303
304 write_summary(ctx, "Download certificate from %s", url);
305 res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
306 xml_node_get_text_free(ctx->xml, url);
307 if (res < 0)
308 return -1;
309
310 cert = os_readfile(TMP_CERT_DL_FILE, &len);
311 remove(TMP_CERT_DL_FILE);
312 if (cert == NULL)
313 return -1;
314
315 if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) {
316 os_free(cert);
317 return -1;
318 }
319
320 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
321 wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match");
322 write_result(ctx, "Downloaded certificate fingerprint did not match");
323 os_free(cert);
324 return -1;
325 }
326
327 b64 = base64_encode((unsigned char *) cert, len, NULL);
328 os_free(cert);
329 if (b64 == NULL)
330 return -1;
331
332 f = fopen(fname, "wb");
333 if (f == NULL) {
334 os_free(b64);
335 return -1;
336 }
337
338 fprintf(f, "-----BEGIN CERTIFICATE-----\n"
339 "%s"
340 "-----END CERTIFICATE-----\n",
341 b64);
342
343 os_free(b64);
344 fclose(f);
345
346 wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint",
347 fname);
348 write_summary(ctx, "Downloaded certificate into %s and validated fingerprint",
349 fname);
350
351 return 0;
352 }
353
354
355 static int cmd_dl_osu_ca(struct hs20_osu_client *ctx, const char *pps_fname,
356 const char *ca_fname)
357 {
358 xml_node_t *pps, *node;
359 int ret;
360
361 pps = node_from_file(ctx->xml, pps_fname);
362 if (pps == NULL) {
363 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
364 return -1;
365 }
366
367 node = get_child_node(ctx->xml, pps,
368 "SubscriptionUpdate/TrustRoot");
369 if (node == NULL) {
370 wpa_printf(MSG_INFO, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
371 xml_node_free(ctx->xml, pps);
372 return -1;
373 }
374
375 ret = download_cert(ctx, node, ca_fname);
376 xml_node_free(ctx->xml, pps);
377
378 return ret;
379 }
380
381
382 static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname,
383 const char *ca_fname)
384 {
385 xml_node_t *pps, *node;
386 int ret;
387
388 pps = node_from_file(ctx->xml, pps_fname);
389 if (pps == NULL) {
390 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
391 return -1;
392 }
393
394 node = get_child_node(ctx->xml, pps,
395 "PolicyUpdate/TrustRoot");
396 if (node == NULL) {
397 wpa_printf(MSG_INFO, "No PolicyUpdate/TrustRoot/CertURL found from PPS");
398 xml_node_free(ctx->xml, pps);
399 return -1;
400 }
401
402 ret = download_cert(ctx, node, ca_fname);
403 xml_node_free(ctx->xml, pps);
404
405 return ret;
406 }
407
408
409 static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
410 const char *ca_fname)
411 {
412 xml_node_t *pps, *node, *aaa;
413 int ret;
414
415 pps = node_from_file(ctx->xml, pps_fname);
416 if (pps == NULL) {
417 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
418 return -1;
419 }
420
421 node = get_child_node(ctx->xml, pps,
422 "AAAServerTrustRoot");
423 if (node == NULL) {
424 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
425 xml_node_free(ctx->xml, pps);
426 return -1;
427 }
428
429 aaa = xml_node_first_child(ctx->xml, node);
430 if (aaa == NULL) {
431 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
432 xml_node_free(ctx->xml, pps);
433 return -1;
434 }
435
436 ret = download_cert(ctx, aaa, ca_fname);
437 xml_node_free(ctx->xml, pps);
438
439 return ret;
440 }
441
442
443 static int download_trust_roots(struct hs20_osu_client *ctx,
444 const char *pps_fname)
445 {
446 char *dir, *pos;
447 char fname[300];
448 int ret;
449
450 dir = os_strdup(pps_fname);
451 if (dir == NULL)
452 return -1;
453 pos = os_strrchr(dir, '/');
454 if (pos == NULL) {
455 os_free(dir);
456 return -1;
457 }
458 *pos = '\0';
459
460 snprintf(fname, sizeof(fname), "%s/ca.pem", dir);
461 ret = cmd_dl_osu_ca(ctx, pps_fname, fname);
462 snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir);
463 cmd_dl_polupd_ca(ctx, pps_fname, fname);
464 snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir);
465 cmd_dl_aaa_ca(ctx, pps_fname, fname);
466
467 os_free(dir);
468
469 return ret;
470 }
471
472
473 static int server_dnsname_suffix_match(struct hs20_osu_client *ctx,
474 const char *fqdn)
475 {
476 size_t match_len, len, i;
477 const char *val;
478
479 match_len = os_strlen(fqdn);
480
481 for (i = 0; i < ctx->server_dnsname_count; i++) {
482 wpa_printf(MSG_INFO,
483 "Checking suffix match against server dNSName %s",
484 ctx->server_dnsname[i]);
485 val = ctx->server_dnsname[i];
486 len = os_strlen(val);
487
488 if (match_len > len)
489 continue;
490
491 if (os_strncasecmp(val + len - match_len, fqdn, match_len) != 0)
492 continue; /* no match */
493
494 if (match_len == len)
495 return 1; /* exact match */
496
497 if (val[len - match_len - 1] == '.')
498 return 1; /* full label match completes suffix match */
499
500 /* Reject due to incomplete label match */
501 }
502
503 /* None of the dNSName(s) matched */
504 return 0;
505 }
506
507
508 int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
509 xml_node_t *add_mo, char *fname, size_t fname_len)
510 {
511 char *str;
512 char *fqdn, *pos;
513 xml_node_t *tnds, *mo, *cert;
514 const char *name;
515 int ret;
516
517 if (strncmp(uri, "./Wi-Fi/", 8) != 0) {
518 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO: '%s'",
519 uri);
520 write_result(ctx, "Unsupported location for addMO to add PPS MO: '%s'",
521 uri);
522 return -1;
523 }
524
525 fqdn = strdup(uri + 8);
526 if (fqdn == NULL)
527 return -1;
528 pos = strchr(fqdn, '/');
529 if (pos) {
530 if (os_strcasecmp(pos, "/PerProviderSubscription") != 0) {
531 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
532 uri);
533 write_result(ctx, "Unsupported location for addMO to "
534 "add PPS MO (extra directory): '%s'", uri);
535 return -1;
536 }
537 *pos = '\0'; /* remove trailing slash and PPS node name */
538 }
539 wpa_printf(MSG_INFO, "SP FQDN: %s", fqdn);
540
541 if (!server_dnsname_suffix_match(ctx, fqdn)) {
542 wpa_printf(MSG_INFO, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
543 fqdn);
544 write_result(ctx, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
545 fqdn);
546 free(fqdn);
547 return -1;
548 }
549
550 if (!valid_fqdn(fqdn)) {
551 wpa_printf(MSG_INFO, "Invalid FQDN '%s'", fqdn);
552 write_result(ctx, "Invalid FQDN '%s'", fqdn);
553 free(fqdn);
554 return -1;
555 }
556
557 mkdir("SP", S_IRWXU);
558 snprintf(fname, fname_len, "SP/%s", fqdn);
559 if (mkdir(fname, S_IRWXU) < 0) {
560 if (errno != EEXIST) {
561 int err = errno;
562 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
563 fname, strerror(err));
564 free(fqdn);
565 return -1;
566 }
567 }
568
569 snprintf(fname, fname_len, "SP/%s/pps.xml", fqdn);
570
571 if (os_file_exists(fname)) {
572 wpa_printf(MSG_INFO, "PPS file '%s' exists - reject addMO",
573 fname);
574 write_result(ctx, "PPS file '%s' exists - reject addMO",
575 fname);
576 free(fqdn);
577 return -2;
578 }
579 wpa_printf(MSG_INFO, "Using PPS file: %s", fname);
580
581 str = xml_node_get_text(ctx->xml, add_mo);
582 if (str == NULL) {
583 wpa_printf(MSG_INFO, "Could not extract MO text");
584 free(fqdn);
585 return -1;
586 }
587 wpa_printf(MSG_DEBUG, "[hs20] addMO text: '%s'", str);
588
589 tnds = xml_node_from_buf(ctx->xml, str);
590 xml_node_get_text_free(ctx->xml, str);
591 if (tnds == NULL) {
592 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO text");
593 free(fqdn);
594 return -1;
595 }
596
597 mo = tnds_to_mo(ctx->xml, tnds);
598 if (mo == NULL) {
599 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO TNDS text");
600 free(fqdn);
601 return -1;
602 }
603
604 debug_dump_node(ctx, "Parsed TNDS", mo);
605
606 name = xml_node_get_localname(ctx->xml, mo);
607 if (os_strcasecmp(name, "PerProviderSubscription") != 0) {
608 wpa_printf(MSG_INFO, "[hs20] Unexpected PPS MO root node name '%s'",
609 name);
610 free(fqdn);
611 return -1;
612 }
613
614 cert = get_child_node(ctx->xml, mo,
615 "Credential/DigitalCertificate/"
616 "CertSHA256Fingerprint");
617 if (cert && process_est_cert(ctx, cert, fqdn) < 0) {
618 xml_node_free(ctx->xml, mo);
619 free(fqdn);
620 return -1;
621 }
622 free(fqdn);
623
624 if (node_to_file(ctx->xml, fname, mo) < 0) {
625 wpa_printf(MSG_INFO, "Could not write MO to file");
626 xml_node_free(ctx->xml, mo);
627 return -1;
628 }
629 xml_node_free(ctx->xml, mo);
630
631 wpa_printf(MSG_INFO, "A new PPS MO added as '%s'", fname);
632 write_summary(ctx, "A new PPS MO added as '%s'", fname);
633
634 ret = download_trust_roots(ctx, fname);
635 if (ret < 0) {
636 wpa_printf(MSG_INFO, "Remove invalid PPS MO file");
637 write_summary(ctx, "Remove invalid PPS MO file");
638 unlink(fname);
639 }
640
641 return ret;
642 }
643
644
645 int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
646 xml_node_t *pps)
647 {
648 char *str;
649 FILE *f;
650 char backup[300];
651
652 if (ctx->client_cert_present) {
653 xml_node_t *cert;
654 cert = get_child_node(ctx->xml, pps,
655 "Credential/DigitalCertificate/"
656 "CertSHA256Fingerprint");
657 if (cert && os_file_exists("Cert/est_cert.der") &&
658 process_est_cert(ctx, cert, ctx->fqdn) < 0) {
659 wpa_printf(MSG_INFO, "EST certificate update processing failed on PPS MO update");
660 return -1;
661 }
662 }
663
664 wpa_printf(MSG_INFO, "Updating PPS MO %s", pps_fname);
665
666 str = xml_node_to_str(ctx->xml, pps);
667 wpa_printf(MSG_MSGDUMP, "[hs20] Updated PPS: '%s'", str);
668
669 snprintf(backup, sizeof(backup), "%s.bak", pps_fname);
670 rename(pps_fname, backup);
671 f = fopen(pps_fname, "w");
672 if (f == NULL) {
673 wpa_printf(MSG_INFO, "Could not write PPS");
674 rename(backup, pps_fname);
675 free(str);
676 return -1;
677 }
678 fprintf(f, "%s\n", str);
679 fclose(f);
680
681 free(str);
682
683 return 0;
684 }
685
686
687 void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
688 const char *alt_loc, char **user, char **pw)
689 {
690 xml_node_t *node;
691
692 node = get_child_node(ctx->xml, pps,
693 "Credential/UsernamePassword/Username");
694 if (node)
695 *user = xml_node_get_text(ctx->xml, node);
696
697 node = get_child_node(ctx->xml, pps,
698 "Credential/UsernamePassword/Password");
699 if (node)
700 *pw = xml_node_get_base64_text(ctx->xml, node, NULL);
701
702 node = get_child_node(ctx->xml, pps, alt_loc);
703 if (node) {
704 xml_node_t *a;
705 a = get_node(ctx->xml, node, "Username");
706 if (a) {
707 xml_node_get_text_free(ctx->xml, *user);
708 *user = xml_node_get_text(ctx->xml, a);
709 wpa_printf(MSG_INFO, "Use OSU username '%s'", *user);
710 }
711
712 a = get_node(ctx->xml, node, "Password");
713 if (a) {
714 free(*pw);
715 *pw = xml_node_get_base64_text(ctx->xml, a, NULL);
716 wpa_printf(MSG_INFO, "Use OSU password");
717 }
718 }
719 }
720
721
722 /* Remove old credentials based on HomeSP/FQDN */
723 static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn)
724 {
725 char cmd[300];
726 os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn);
727 if (wpa_command(ctx->ifname, cmd) < 0)
728 wpa_printf(MSG_INFO, "Failed to remove old credential(s)");
729 }
730
731
732 static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id,
733 xml_node_t *spe)
734 {
735 xml_node_t *ssid;
736 char *txt;
737
738 ssid = get_node(ctx->xml, spe, "SSID");
739 if (ssid == NULL)
740 return;
741 txt = xml_node_get_text(ctx->xml, ssid);
742 if (txt == NULL)
743 return;
744 wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", txt);
745 if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0)
746 wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid");
747 xml_node_get_text_free(ctx->xml, txt);
748 }
749
750
751 static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id,
752 xml_node_t *spel)
753 {
754 xml_node_t *child;
755
756 xml_node_for_each_child(ctx->xml, child, spel) {
757 xml_node_for_each_check(ctx->xml, child);
758 set_pps_cred_policy_spe(ctx, id, child);
759 }
760 }
761
762
763 static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id,
764 xml_node_t *prp)
765 {
766 xml_node_t *node;
767 char *txt = NULL, *pos;
768 char *prio, *country_buf = NULL;
769 const char *country;
770 char val[200];
771 int priority;
772
773 node = get_node(ctx->xml, prp, "Priority");
774 if (node == NULL)
775 return;
776 prio = xml_node_get_text(ctx->xml, node);
777 if (prio == NULL)
778 return;
779 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
780 prio);
781 priority = atoi(prio);
782 xml_node_get_text_free(ctx->xml, prio);
783
784 node = get_node(ctx->xml, prp, "Country");
785 if (node) {
786 country_buf = xml_node_get_text(ctx->xml, node);
787 if (country_buf == NULL)
788 return;
789 country = country_buf;
790 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
791 country);
792 } else {
793 country = "*";
794 }
795
796 node = get_node(ctx->xml, prp, "FQDN_Match");
797 if (node == NULL)
798 goto out;
799 txt = xml_node_get_text(ctx->xml, node);
800 if (txt == NULL)
801 goto out;
802 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
803 txt);
804 pos = strrchr(txt, ',');
805 if (pos == NULL)
806 goto out;
807 *pos++ = '\0';
808
809 snprintf(val, sizeof(val), "%s,%d,%d,%s", txt,
810 strcmp(pos, "includeSubdomains") != 0, priority, country);
811 if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0)
812 wpa_printf(MSG_INFO, "Failed to set cred roaming_partner");
813 out:
814 xml_node_get_text_free(ctx->xml, country_buf);
815 xml_node_get_text_free(ctx->xml, txt);
816 }
817
818
819 static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id,
820 xml_node_t *prpl)
821 {
822 xml_node_t *child;
823
824 xml_node_for_each_child(ctx->xml, child, prpl) {
825 xml_node_for_each_check(ctx->xml, child);
826 set_pps_cred_policy_prp(ctx, id, child);
827 }
828 }
829
830
831 static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id,
832 xml_node_t *min_backhaul)
833 {
834 xml_node_t *node;
835 char *type, *dl = NULL, *ul = NULL;
836 int home;
837
838 node = get_node(ctx->xml, min_backhaul, "NetworkType");
839 if (node == NULL) {
840 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
841 return;
842 }
843
844 type = xml_node_get_text(ctx->xml, node);
845 if (type == NULL)
846 return;
847 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
848 type);
849 if (os_strcasecmp(type, "home") == 0)
850 home = 1;
851 else if (os_strcasecmp(type, "roaming") == 0)
852 home = 0;
853 else {
854 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType");
855 xml_node_get_text_free(ctx->xml, type);
856 return;
857 }
858 xml_node_get_text_free(ctx->xml, type);
859
860 node = get_node(ctx->xml, min_backhaul, "DLBandwidth");
861 if (node)
862 dl = xml_node_get_text(ctx->xml, node);
863
864 node = get_node(ctx->xml, min_backhaul, "ULBandwidth");
865 if (node)
866 ul = xml_node_get_text(ctx->xml, node);
867
868 if (dl == NULL && ul == NULL) {
869 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
870 return;
871 }
872
873 if (dl)
874 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
875 dl);
876 if (ul)
877 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
878 ul);
879
880 if (home) {
881 if (dl &&
882 set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0)
883 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
884 if (ul &&
885 set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0)
886 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
887 } else {
888 if (dl &&
889 set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) <
890 0)
891 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
892 if (ul &&
893 set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) <
894 0)
895 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
896 }
897
898 xml_node_get_text_free(ctx->xml, dl);
899 xml_node_get_text_free(ctx->xml, ul);
900 }
901
902
903 static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx,
904 int id, xml_node_t *node)
905 {
906 xml_node_t *child;
907
908 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold");
909
910 xml_node_for_each_child(ctx->xml, child, node) {
911 xml_node_for_each_check(ctx->xml, child);
912 set_pps_cred_policy_min_backhaul(ctx, id, child);
913 }
914 }
915
916
917 static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id,
918 xml_node_t *node)
919 {
920 wpa_printf(MSG_INFO, "- Policy/PolicyUpdate");
921 /* Not used in wpa_supplicant */
922 }
923
924
925 static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx,
926 int id, xml_node_t *tuple)
927 {
928 xml_node_t *node;
929 char *proto, *port;
930 char *buf;
931 size_t buflen;
932
933 node = get_node(ctx->xml, tuple, "IPProtocol");
934 if (node == NULL) {
935 wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
936 return;
937 }
938
939 proto = xml_node_get_text(ctx->xml, node);
940 if (proto == NULL)
941 return;
942
943 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
944 proto);
945
946 node = get_node(ctx->xml, tuple, "PortNumber");
947 port = node ? xml_node_get_text(ctx->xml, node) : NULL;
948 if (port) {
949 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
950 port);
951 buflen = os_strlen(proto) + os_strlen(port) + 10;
952 buf = os_malloc(buflen);
953 if (buf)
954 os_snprintf(buf, buflen, "%s:%s", proto, port);
955 xml_node_get_text_free(ctx->xml, port);
956 } else {
957 buflen = os_strlen(proto) + 10;
958 buf = os_malloc(buflen);
959 if (buf)
960 os_snprintf(buf, buflen, "%s", proto);
961 }
962
963 xml_node_get_text_free(ctx->xml, proto);
964
965 if (buf == NULL)
966 return;
967
968 if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0)
969 wpa_printf(MSG_INFO, "Could not set req_conn_capab");
970
971 os_free(buf);
972 }
973
974
975 static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx,
976 int id, xml_node_t *node)
977 {
978 xml_node_t *child;
979
980 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple");
981
982 xml_node_for_each_child(ctx->xml, child, node) {
983 xml_node_for_each_check(ctx->xml, child);
984 set_pps_cred_policy_required_proto_port(ctx, id, child);
985 }
986 }
987
988
989 static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id,
990 xml_node_t *node)
991 {
992 char *str = xml_node_get_text(ctx->xml, node);
993 if (str == NULL)
994 return;
995 wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str);
996 if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0)
997 wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit");
998 xml_node_get_text_free(ctx->xml, str);
999 }
1000
1001
1002 static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id,
1003 xml_node_t *node)
1004 {
1005 xml_node_t *child;
1006 const char *name;
1007
1008 wpa_printf(MSG_INFO, "- Policy");
1009
1010 xml_node_for_each_child(ctx->xml, child, node) {
1011 xml_node_for_each_check(ctx->xml, child);
1012 name = xml_node_get_localname(ctx->xml, child);
1013 if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0)
1014 set_pps_cred_policy_prpl(ctx, id, child);
1015 else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0)
1016 set_pps_cred_policy_min_backhaul_list(ctx, id, child);
1017 else if (os_strcasecmp(name, "PolicyUpdate") == 0)
1018 set_pps_cred_policy_update(ctx, id, child);
1019 else if (os_strcasecmp(name, "SPExclusionList") == 0)
1020 set_pps_cred_policy_spel(ctx, id, child);
1021 else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0)
1022 set_pps_cred_policy_required_proto_ports(ctx, id, child);
1023 else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0)
1024 set_pps_cred_policy_max_bss_load(ctx, id, child);
1025 else
1026 wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name);
1027 }
1028 }
1029
1030
1031 static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id,
1032 xml_node_t *node)
1033 {
1034 char *str = xml_node_get_text(ctx->xml, node);
1035 if (str == NULL)
1036 return;
1037 wpa_printf(MSG_INFO, "- CredentialPriority = %s", str);
1038 if (set_cred(ctx->ifname, id, "sp_priority", str) < 0)
1039 wpa_printf(MSG_INFO, "Failed to set cred sp_priority");
1040 xml_node_get_text_free(ctx->xml, str);
1041 }
1042
1043
1044 static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx,
1045 int id, xml_node_t *node)
1046 {
1047 wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO");
1048 }
1049
1050
1051 static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id,
1052 xml_node_t *node)
1053 {
1054 wpa_printf(MSG_INFO, "- SubscriptionUpdate");
1055 /* not used within wpa_supplicant */
1056 }
1057
1058
1059 static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx,
1060 int id, xml_node_t *node)
1061 {
1062 xml_node_t *ssid_node, *hessid_node;
1063 char *ssid, *hessid;
1064
1065 ssid_node = get_node(ctx->xml, node, "SSID");
1066 if (ssid_node == NULL) {
1067 wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node");
1068 return;
1069 }
1070
1071 hessid_node = get_node(ctx->xml, node, "HESSID");
1072
1073 ssid = xml_node_get_text(ctx->xml, ssid_node);
1074 if (ssid == NULL)
1075 return;
1076 hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL;
1077
1078 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid);
1079 if (hessid)
1080 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s",
1081 hessid);
1082
1083 /* TODO: Configure to wpa_supplicant */
1084
1085 xml_node_get_text_free(ctx->xml, ssid);
1086 xml_node_get_text_free(ctx->xml, hessid);
1087 }
1088
1089
1090 static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx,
1091 int id, xml_node_t *node)
1092 {
1093 xml_node_t *child;
1094
1095 wpa_printf(MSG_INFO, "- HomeSP/NetworkID");
1096
1097 xml_node_for_each_child(ctx->xml, child, node) {
1098 xml_node_for_each_check(ctx->xml, child);
1099 set_pps_cred_home_sp_network_id(ctx, id, child);
1100 }
1101 }
1102
1103
1104 static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx,
1105 int id, xml_node_t *node)
1106 {
1107 char *str = xml_node_get_text(ctx->xml, node);
1108 if (str == NULL)
1109 return;
1110 wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str);
1111 /* not used within wpa_supplicant(?) */
1112 xml_node_get_text_free(ctx->xml, str);
1113 }
1114
1115
1116 static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx,
1117 int id, xml_node_t *node)
1118 {
1119 char *str = xml_node_get_text(ctx->xml, node);
1120 if (str == NULL)
1121 return;
1122 wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str);
1123 /* not used within wpa_supplicant */
1124 xml_node_get_text_free(ctx->xml, str);
1125 }
1126
1127
1128 static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
1129 xml_node_t *node)
1130 {
1131 char *str = xml_node_get_text(ctx->xml, node);
1132 if (str == NULL)
1133 return;
1134 wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
1135 if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
1136 wpa_printf(MSG_INFO, "Failed to set cred domain");
1137 if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
1138 wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
1139 xml_node_get_text_free(ctx->xml, str);
1140 }
1141
1142
1143 static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id,
1144 xml_node_t *node)
1145 {
1146 xml_node_t *child;
1147 const char *name;
1148 char *homeoi = NULL;
1149 int required = 0;
1150 char *str;
1151
1152 xml_node_for_each_child(ctx->xml, child, node) {
1153 xml_node_for_each_check(ctx->xml, child);
1154 name = xml_node_get_localname(ctx->xml, child);
1155 if (strcasecmp(name, "HomeOI") == 0 && !homeoi) {
1156 homeoi = xml_node_get_text(ctx->xml, child);
1157 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
1158 homeoi);
1159 } else if (strcasecmp(name, "HomeOIRequired") == 0) {
1160 str = xml_node_get_text(ctx->xml, child);
1161 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
1162 str);
1163 if (str == NULL)
1164 continue;
1165 required = strcasecmp(str, "true") == 0;
1166 xml_node_get_text_free(ctx->xml, str);
1167 } else
1168 wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'",
1169 name);
1170 }
1171
1172 if (homeoi == NULL) {
1173 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
1174 return;
1175 }
1176
1177 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
1178 homeoi, required);
1179
1180 if (required) {
1181 if (set_cred(ctx->ifname, id, "required_roaming_consortium",
1182 homeoi) < 0)
1183 wpa_printf(MSG_INFO, "Failed to set cred required_roaming_consortium");
1184 } else {
1185 if (set_cred_quoted(ctx->ifname, id, "roaming_consortium",
1186 homeoi) < 0)
1187 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortium");
1188 }
1189
1190 xml_node_get_text_free(ctx->xml, homeoi);
1191 }
1192
1193
1194 static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id,
1195 xml_node_t *node)
1196 {
1197 xml_node_t *child;
1198
1199 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList");
1200
1201 xml_node_for_each_child(ctx->xml, child, node) {
1202 xml_node_for_each_check(ctx->xml, child);
1203 set_pps_cred_home_sp_oi(ctx, id, child);
1204 }
1205 }
1206
1207
1208 static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx,
1209 int id, xml_node_t *node)
1210 {
1211 xml_node_t *child;
1212 const char *name;
1213 char *fqdn = NULL;
1214
1215 xml_node_for_each_child(ctx->xml, child, node) {
1216 xml_node_for_each_check(ctx->xml, child);
1217 name = xml_node_get_localname(ctx->xml, child);
1218 if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) {
1219 fqdn = xml_node_get_text(ctx->xml, child);
1220 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
1221 fqdn);
1222 } else
1223 wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'",
1224 name);
1225 }
1226
1227 if (fqdn == NULL) {
1228 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
1229 return;
1230 }
1231
1232 if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0)
1233 wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node");
1234
1235 xml_node_get_text_free(ctx->xml, fqdn);
1236 }
1237
1238
1239 static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx,
1240 int id,
1241 xml_node_t *node)
1242 {
1243 xml_node_t *child;
1244
1245 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners");
1246
1247 xml_node_for_each_child(ctx->xml, child, node) {
1248 xml_node_for_each_check(ctx->xml, child);
1249 set_pps_cred_home_sp_other_partner(ctx, id, child);
1250 }
1251 }
1252
1253
1254 static void set_pps_cred_home_sp_roaming_consortium_oi(
1255 struct hs20_osu_client *ctx, int id, xml_node_t *node)
1256 {
1257 char *str = xml_node_get_text(ctx->xml, node);
1258 if (str == NULL)
1259 return;
1260 wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str);
1261 /* TODO: Set to wpa_supplicant */
1262 xml_node_get_text_free(ctx->xml, str);
1263 }
1264
1265
1266 static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id,
1267 xml_node_t *node)
1268 {
1269 xml_node_t *child;
1270 const char *name;
1271
1272 wpa_printf(MSG_INFO, "- HomeSP");
1273
1274 xml_node_for_each_child(ctx->xml, child, node) {
1275 xml_node_for_each_check(ctx->xml, child);
1276 name = xml_node_get_localname(ctx->xml, child);
1277 if (os_strcasecmp(name, "NetworkID") == 0)
1278 set_pps_cred_home_sp_network_ids(ctx, id, child);
1279 else if (os_strcasecmp(name, "FriendlyName") == 0)
1280 set_pps_cred_home_sp_friendly_name(ctx, id, child);
1281 else if (os_strcasecmp(name, "IconURL") == 0)
1282 set_pps_cred_home_sp_icon_url(ctx, id, child);
1283 else if (os_strcasecmp(name, "FQDN") == 0)
1284 set_pps_cred_home_sp_fqdn(ctx, id, child);
1285 else if (os_strcasecmp(name, "HomeOIList") == 0)
1286 set_pps_cred_home_sp_oi_list(ctx, id, child);
1287 else if (os_strcasecmp(name, "OtherHomePartners") == 0)
1288 set_pps_cred_home_sp_other_partners(ctx, id, child);
1289 else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0)
1290 set_pps_cred_home_sp_roaming_consortium_oi(ctx, id,
1291 child);
1292 else
1293 wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name);
1294 }
1295 }
1296
1297
1298 static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id,
1299 xml_node_t *node)
1300 {
1301 wpa_printf(MSG_INFO, "- SubscriptionParameters");
1302 /* not used within wpa_supplicant */
1303 }
1304
1305
1306 static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id,
1307 xml_node_t *node)
1308 {
1309 char *str = xml_node_get_text(ctx->xml, node);
1310 if (str == NULL)
1311 return;
1312 wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str);
1313 /* not used within wpa_supplicant */
1314 xml_node_get_text_free(ctx->xml, str);
1315 }
1316
1317
1318 static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id,
1319 xml_node_t *node)
1320 {
1321 char *str = xml_node_get_text(ctx->xml, node);
1322 if (str == NULL)
1323 return;
1324 wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str);
1325 /* not used within wpa_supplicant */
1326 xml_node_get_text_free(ctx->xml, str);
1327 }
1328
1329
1330 static void set_pps_cred_username(struct hs20_osu_client *ctx, int id,
1331 xml_node_t *node)
1332 {
1333 char *str = xml_node_get_text(ctx->xml, node);
1334 if (str == NULL)
1335 return;
1336 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s",
1337 str);
1338 if (set_cred_quoted(ctx->ifname, id, "username", str) < 0)
1339 wpa_printf(MSG_INFO, "Failed to set cred username");
1340 xml_node_get_text_free(ctx->xml, str);
1341 }
1342
1343
1344 static void set_pps_cred_password(struct hs20_osu_client *ctx, int id,
1345 xml_node_t *node)
1346 {
1347 int len, i;
1348 char *pw, *hex, *pos, *end;
1349
1350 pw = xml_node_get_base64_text(ctx->xml, node, &len);
1351 if (pw == NULL)
1352 return;
1353
1354 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw);
1355
1356 hex = malloc(len * 2 + 1);
1357 if (hex == NULL) {
1358 free(pw);
1359 return;
1360 }
1361 end = hex + len * 2 + 1;
1362 pos = hex;
1363 for (i = 0; i < len; i++) {
1364 snprintf(pos, end - pos, "%02x", pw[i]);
1365 pos += 2;
1366 }
1367 free(pw);
1368
1369 if (set_cred(ctx->ifname, id, "password", hex) < 0)
1370 wpa_printf(MSG_INFO, "Failed to set cred password");
1371 free(hex);
1372 }
1373
1374
1375 static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id,
1376 xml_node_t *node)
1377 {
1378 char *str = xml_node_get_text(ctx->xml, node);
1379 if (str == NULL)
1380 return;
1381 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s",
1382 str);
1383 /* not used within wpa_supplicant */
1384 xml_node_get_text_free(ctx->xml, str);
1385 }
1386
1387
1388 static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id,
1389 xml_node_t *node)
1390 {
1391 char *str = xml_node_get_text(ctx->xml, node);
1392 if (str == NULL)
1393 return;
1394 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s",
1395 str);
1396 /* not used within wpa_supplicant */
1397 xml_node_get_text_free(ctx->xml, str);
1398 }
1399
1400
1401 static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id,
1402 xml_node_t *node)
1403 {
1404 char *str = xml_node_get_text(ctx->xml, node);
1405 if (str == NULL)
1406 return;
1407 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s",
1408 str);
1409 /* not used within wpa_supplicant */
1410 xml_node_get_text_free(ctx->xml, str);
1411 }
1412
1413
1414 static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id,
1415 xml_node_t *node)
1416 {
1417 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod - TODO");
1418 }
1419
1420
1421 static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id,
1422 xml_node_t *node)
1423 {
1424 xml_node_t *child;
1425 const char *name;
1426
1427 wpa_printf(MSG_INFO, "- Credential/UsernamePassword");
1428
1429 xml_node_for_each_child(ctx->xml, child, node) {
1430 xml_node_for_each_check(ctx->xml, child);
1431 name = xml_node_get_localname(ctx->xml, child);
1432 if (os_strcasecmp(name, "Username") == 0)
1433 set_pps_cred_username(ctx, id, child);
1434 else if (os_strcasecmp(name, "Password") == 0)
1435 set_pps_cred_password(ctx, id, child);
1436 else if (os_strcasecmp(name, "MachineManaged") == 0)
1437 set_pps_cred_machine_managed(ctx, id, child);
1438 else if (os_strcasecmp(name, "SoftTokenApp") == 0)
1439 set_pps_cred_soft_token_app(ctx, id, child);
1440 else if (os_strcasecmp(name, "AbleToShare") == 0)
1441 set_pps_cred_able_to_share(ctx, id, child);
1442 else if (os_strcasecmp(name, "EAPMethod") == 0)
1443 set_pps_cred_eap_method(ctx, id, child);
1444 else
1445 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'",
1446 name);
1447 }
1448 }
1449
1450
1451 static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id,
1452 xml_node_t *node, const char *fqdn)
1453 {
1454 char buf[200], dir[200];
1455
1456 wpa_printf(MSG_INFO, "- Credential/DigitalCertificate");
1457
1458 if (getcwd(dir, sizeof(dir)) == NULL)
1459 return;
1460
1461 /* TODO: could build username from Subject of Subject AltName */
1462 if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) {
1463 wpa_printf(MSG_INFO, "Failed to set username");
1464 }
1465
1466 snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir, fqdn);
1467 if (os_file_exists(buf)) {
1468 if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) {
1469 wpa_printf(MSG_INFO, "Failed to set client_cert");
1470 }
1471 }
1472
1473 snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir, fqdn);
1474 if (os_file_exists(buf)) {
1475 if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) {
1476 wpa_printf(MSG_INFO, "Failed to set private_key");
1477 }
1478 }
1479 }
1480
1481
1482 static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id,
1483 xml_node_t *node, const char *fqdn, int sim)
1484 {
1485 char *str = xml_node_get_text(ctx->xml, node);
1486 char buf[200], dir[200];
1487
1488 if (str == NULL)
1489 return;
1490
1491 wpa_printf(MSG_INFO, "- Credential/Realm = %s", str);
1492 if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0)
1493 wpa_printf(MSG_INFO, "Failed to set cred realm");
1494 xml_node_get_text_free(ctx->xml, str);
1495
1496 if (sim)
1497 return;
1498
1499 if (getcwd(dir, sizeof(dir)) == NULL)
1500 return;
1501 snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn);
1502 if (os_file_exists(buf)) {
1503 if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) {
1504 wpa_printf(MSG_INFO, "Failed to set CA cert");
1505 }
1506 }
1507 }
1508
1509
1510 static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx,
1511 int id, xml_node_t *node)
1512 {
1513 char *str = xml_node_get_text(ctx->xml, node);
1514
1515 if (str == NULL)
1516 return;
1517
1518 wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str);
1519 if (os_strcasecmp(str, "true") == 0 &&
1520 set_cred(ctx->ifname, id, "ocsp", "2") < 0)
1521 wpa_printf(MSG_INFO, "Failed to set cred ocsp");
1522 xml_node_get_text_free(ctx->xml, str);
1523 }
1524
1525
1526 static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id,
1527 xml_node_t *sim, xml_node_t *realm)
1528 {
1529 xml_node_t *node;
1530 char *imsi, *eaptype, *str, buf[20];
1531 int type;
1532 int mnc_len = 3;
1533 size_t imsi_len;
1534
1535 node = get_node(ctx->xml, sim, "EAPType");
1536 if (node == NULL) {
1537 wpa_printf(MSG_INFO, "No SIM/EAPType node in credential");
1538 return;
1539 }
1540 eaptype = xml_node_get_text(ctx->xml, node);
1541 if (eaptype == NULL) {
1542 wpa_printf(MSG_INFO, "Could not extract SIM/EAPType");
1543 return;
1544 }
1545 wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype);
1546 type = atoi(eaptype);
1547 xml_node_get_text_free(ctx->xml, eaptype);
1548
1549 switch (type) {
1550 case EAP_TYPE_SIM:
1551 if (set_cred(ctx->ifname, id, "eap", "SIM") < 0)
1552 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1553 break;
1554 case EAP_TYPE_AKA:
1555 if (set_cred(ctx->ifname, id, "eap", "AKA") < 0)
1556 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1557 break;
1558 case EAP_TYPE_AKA_PRIME:
1559 if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0)
1560 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1561 break;
1562 default:
1563 wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type);
1564 return;
1565 }
1566
1567 node = get_node(ctx->xml, sim, "IMSI");
1568 if (node == NULL) {
1569 wpa_printf(MSG_INFO, "No SIM/IMSI node in credential");
1570 return;
1571 }
1572 imsi = xml_node_get_text(ctx->xml, node);
1573 if (imsi == NULL) {
1574 wpa_printf(MSG_INFO, "Could not extract SIM/IMSI");
1575 return;
1576 }
1577 wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", imsi);
1578 imsi_len = os_strlen(imsi);
1579 if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) {
1580 wpa_printf(MSG_INFO, "Invalid IMSI length");
1581 xml_node_get_text_free(ctx->xml, imsi);
1582 return;
1583 }
1584
1585 str = xml_node_get_text(ctx->xml, node);
1586 if (str) {
1587 char *pos;
1588 pos = os_strstr(str, "mnc");
1589 if (pos && os_strlen(pos) >= 6) {
1590 if (os_strncmp(imsi + 3, pos + 3, 3) == 0)
1591 mnc_len = 3;
1592 else if (os_strncmp(imsi + 3, pos + 4, 2) == 0)
1593 mnc_len = 2;
1594 }
1595 xml_node_get_text_free(ctx->xml, str);
1596 }
1597
1598 os_memcpy(buf, imsi, 3 + mnc_len);
1599 buf[3 + mnc_len] = '-';
1600 os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len,
1601 sizeof(buf) - 3 - mnc_len - 1);
1602
1603 xml_node_get_text_free(ctx->xml, imsi);
1604
1605 if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0)
1606 wpa_printf(MSG_INFO, "Could not set IMSI");
1607
1608 if (set_cred_quoted(ctx->ifname, id, "milenage",
1609 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1610 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1611 0)
1612 wpa_printf(MSG_INFO, "Could not set Milenage parameters");
1613 }
1614
1615
1616 static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id,
1617 xml_node_t *node, const char *fqdn)
1618 {
1619 xml_node_t *child, *sim, *realm;
1620 const char *name;
1621
1622 wpa_printf(MSG_INFO, "- Credential");
1623
1624 sim = get_node(ctx->xml, node, "SIM");
1625 realm = get_node(ctx->xml, node, "Realm");
1626
1627 xml_node_for_each_child(ctx->xml, child, node) {
1628 xml_node_for_each_check(ctx->xml, child);
1629 name = xml_node_get_localname(ctx->xml, child);
1630 if (os_strcasecmp(name, "CreationDate") == 0)
1631 set_pps_cred_creation_date(ctx, id, child);
1632 else if (os_strcasecmp(name, "ExpirationDate") == 0)
1633 set_pps_cred_expiration_date(ctx, id, child);
1634 else if (os_strcasecmp(name, "UsernamePassword") == 0)
1635 set_pps_cred_username_password(ctx, id, child);
1636 else if (os_strcasecmp(name, "DigitalCertificate") == 0)
1637 set_pps_cred_digital_cert(ctx, id, child, fqdn);
1638 else if (os_strcasecmp(name, "Realm") == 0)
1639 set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL);
1640 else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0)
1641 set_pps_cred_check_aaa_cert_status(ctx, id, child);
1642 else if (os_strcasecmp(name, "SIM") == 0)
1643 set_pps_cred_sim(ctx, id, child, realm);
1644 else
1645 wpa_printf(MSG_INFO, "Unknown Credential node '%s'",
1646 name);
1647 }
1648 }
1649
1650
1651 static void set_pps_credential(struct hs20_osu_client *ctx, int id,
1652 xml_node_t *cred, const char *fqdn)
1653 {
1654 xml_node_t *child;
1655 const char *name;
1656
1657 xml_node_for_each_child(ctx->xml, child, cred) {
1658 xml_node_for_each_check(ctx->xml, child);
1659 name = xml_node_get_localname(ctx->xml, child);
1660 if (os_strcasecmp(name, "Policy") == 0)
1661 set_pps_cred_policy(ctx, id, child);
1662 else if (os_strcasecmp(name, "CredentialPriority") == 0)
1663 set_pps_cred_priority(ctx, id, child);
1664 else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0)
1665 set_pps_cred_aaa_server_trust_root(ctx, id, child);
1666 else if (os_strcasecmp(name, "SubscriptionUpdate") == 0)
1667 set_pps_cred_sub_update(ctx, id, child);
1668 else if (os_strcasecmp(name, "HomeSP") == 0)
1669 set_pps_cred_home_sp(ctx, id, child);
1670 else if (os_strcasecmp(name, "SubscriptionParameters") == 0)
1671 set_pps_cred_sub_params(ctx, id, child);
1672 else if (os_strcasecmp(name, "Credential") == 0)
1673 set_pps_cred_credential(ctx, id, child, fqdn);
1674 else
1675 wpa_printf(MSG_INFO, "Unknown credential node '%s'",
1676 name);
1677 }
1678 }
1679
1680
1681 static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps,
1682 const char *fqdn)
1683 {
1684 xml_node_t *child;
1685 const char *name;
1686 int id;
1687 char *update_identifier = NULL;
1688
1689 /*
1690 * TODO: Could consider more complex mechanism that would remove
1691 * credentials only if there are changes in the information sent to
1692 * wpa_supplicant.
1693 */
1694 remove_sp_creds(ctx, fqdn);
1695
1696 xml_node_for_each_child(ctx->xml, child, pps) {
1697 xml_node_for_each_check(ctx->xml, child);
1698 name = xml_node_get_localname(ctx->xml, child);
1699 if (os_strcasecmp(name, "UpdateIdentifier") == 0) {
1700 update_identifier = xml_node_get_text(ctx->xml, child);
1701 if (update_identifier) {
1702 wpa_printf(MSG_INFO, "- UpdateIdentifier = %s",
1703 update_identifier);
1704 break;
1705 }
1706 }
1707 }
1708
1709 xml_node_for_each_child(ctx->xml, child, pps) {
1710 xml_node_for_each_check(ctx->xml, child);
1711 name = xml_node_get_localname(ctx->xml, child);
1712 if (os_strcasecmp(name, "UpdateIdentifier") == 0)
1713 continue;
1714 id = add_cred(ctx->ifname);
1715 if (id < 0) {
1716 wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant");
1717 write_summary(ctx, "Failed to add credential to wpa_supplicant");
1718 break;
1719 }
1720 write_summary(ctx, "Add a credential to wpa_supplicant");
1721 if (update_identifier &&
1722 set_cred(ctx->ifname, id, "update_identifier",
1723 update_identifier) < 0)
1724 wpa_printf(MSG_INFO, "Failed to set update_identifier");
1725 if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) <
1726 0)
1727 wpa_printf(MSG_INFO, "Failed to set provisioning_sp");
1728 wpa_printf(MSG_INFO, "credential localname: '%s'", name);
1729 set_pps_credential(ctx, id, child, fqdn);
1730 ctx->pps_cred_set = 1;
1731 }
1732
1733 xml_node_get_text_free(ctx->xml, update_identifier);
1734 }
1735
1736
1737 void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname)
1738 {
1739 xml_node_t *pps;
1740 const char *fqdn;
1741 char *fqdn_buf = NULL, *pos;
1742
1743 pps = node_from_file(ctx->xml, pps_fname);
1744 if (pps == NULL) {
1745 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1746 return;
1747 }
1748
1749 fqdn = os_strstr(pps_fname, "SP/");
1750 if (fqdn) {
1751 fqdn_buf = os_strdup(fqdn + 3);
1752 if (fqdn_buf == NULL)
1753 return;
1754 pos = os_strchr(fqdn_buf, '/');
1755 if (pos)
1756 *pos = '\0';
1757 fqdn = fqdn_buf;
1758 } else
1759 fqdn = "wi-fi.org";
1760
1761 wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1762 fqdn);
1763 set_pps(ctx, pps, fqdn);
1764
1765 os_free(fqdn_buf);
1766 xml_node_free(ctx->xml, pps);
1767 }
1768
1769
1770 static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname)
1771 {
1772 xml_node_t *pps, *node;
1773 char *fqdn = NULL;
1774
1775 pps = node_from_file(ctx->xml, pps_fname);
1776 if (pps == NULL) {
1777 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1778 return -1;
1779 }
1780
1781 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
1782 if (node)
1783 fqdn = xml_node_get_text(ctx->xml, node);
1784
1785 xml_node_free(ctx->xml, pps);
1786
1787 if (fqdn) {
1788 FILE *f = fopen("pps-fqdn", "w");
1789 if (f) {
1790 fprintf(f, "%s", fqdn);
1791 fclose(f);
1792 }
1793 xml_node_get_text_free(ctx->xml, fqdn);
1794 return 0;
1795 }
1796
1797 xml_node_get_text_free(ctx->xml, fqdn);
1798 return -1;
1799 }
1800
1801
1802 static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1803 const char *out_fname, const char *urn, int use_path)
1804 {
1805 xml_node_t *mo, *node;
1806
1807 mo = node_from_file(ctx->xml, in_fname);
1808 if (mo == NULL) {
1809 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1810 return;
1811 }
1812
1813 node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL);
1814 if (node) {
1815 node_to_file(ctx->xml, out_fname, node);
1816 xml_node_free(ctx->xml, node);
1817 }
1818
1819 xml_node_free(ctx->xml, mo);
1820 }
1821
1822
1823 static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1824 const char *out_fname)
1825 {
1826 xml_node_t *tnds, *mo;
1827
1828 tnds = node_from_file(ctx->xml, in_fname);
1829 if (tnds == NULL) {
1830 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1831 return;
1832 }
1833
1834 mo = tnds_to_mo(ctx->xml, tnds);
1835 if (mo) {
1836 node_to_file(ctx->xml, out_fname, mo);
1837 xml_node_free(ctx->xml, mo);
1838 }
1839
1840 xml_node_free(ctx->xml, tnds);
1841 }
1842
1843
1844 struct osu_icon {
1845 int id;
1846 char lang[4];
1847 char mime_type[256];
1848 char filename[256];
1849 };
1850
1851 struct osu_data {
1852 char bssid[20];
1853 char url[256];
1854 unsigned int methods;
1855 char osu_ssid[33];
1856 char osu_nai[256];
1857 struct osu_lang_text friendly_name[MAX_OSU_VALS];
1858 size_t friendly_name_count;
1859 struct osu_lang_text serv_desc[MAX_OSU_VALS];
1860 size_t serv_desc_count;
1861 struct osu_icon icon[MAX_OSU_VALS];
1862 size_t icon_count;
1863 };
1864
1865
1866 static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
1867 {
1868 FILE *f;
1869 char buf[1000];
1870 struct osu_data *osu = NULL, *last = NULL;
1871 size_t osu_count = 0;
1872 char *pos, *end;
1873
1874 f = fopen(fname, "r");
1875 if (f == NULL) {
1876 wpa_printf(MSG_ERROR, "Could not open %s", fname);
1877 return NULL;
1878 }
1879
1880 while (fgets(buf, sizeof(buf), f)) {
1881 pos = strchr(buf, '\n');
1882 if (pos)
1883 *pos = '\0';
1884
1885 if (strncmp(buf, "OSU-PROVIDER ", 13) == 0) {
1886 last = realloc(osu, (osu_count + 1) * sizeof(*osu));
1887 if (last == NULL)
1888 break;
1889 osu = last;
1890 last = &osu[osu_count++];
1891 memset(last, 0, sizeof(*last));
1892 snprintf(last->bssid, sizeof(last->bssid), "%s",
1893 buf + 13);
1894 continue;
1895 }
1896 if (!last)
1897 continue;
1898
1899 if (strncmp(buf, "uri=", 4) == 0) {
1900 snprintf(last->url, sizeof(last->url), "%s", buf + 4);
1901 continue;
1902 }
1903
1904 if (strncmp(buf, "methods=", 8) == 0) {
1905 last->methods = strtol(buf + 8, NULL, 16);
1906 continue;
1907 }
1908
1909 if (strncmp(buf, "osu_ssid=", 9) == 0) {
1910 snprintf(last->osu_ssid, sizeof(last->osu_ssid),
1911 "%s", buf + 9);
1912 continue;
1913 }
1914
1915 if (os_strncmp(buf, "osu_nai=", 8) == 0) {
1916 os_snprintf(last->osu_nai, sizeof(last->osu_nai),
1917 "%s", buf + 8);
1918 continue;
1919 }
1920
1921 if (strncmp(buf, "friendly_name=", 14) == 0) {
1922 struct osu_lang_text *txt;
1923 if (last->friendly_name_count == MAX_OSU_VALS)
1924 continue;
1925 pos = strchr(buf + 14, ':');
1926 if (pos == NULL)
1927 continue;
1928 *pos++ = '\0';
1929 txt = &last->friendly_name[last->friendly_name_count++];
1930 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 14);
1931 snprintf(txt->text, sizeof(txt->text), "%s", pos);
1932 }
1933
1934 if (strncmp(buf, "desc=", 5) == 0) {
1935 struct osu_lang_text *txt;
1936 if (last->serv_desc_count == MAX_OSU_VALS)
1937 continue;
1938 pos = strchr(buf + 5, ':');
1939 if (pos == NULL)
1940 continue;
1941 *pos++ = '\0';
1942 txt = &last->serv_desc[last->serv_desc_count++];
1943 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 5);
1944 snprintf(txt->text, sizeof(txt->text), "%s", pos);
1945 }
1946
1947 if (strncmp(buf, "icon=", 5) == 0) {
1948 struct osu_icon *icon;
1949 if (last->icon_count == MAX_OSU_VALS)
1950 continue;
1951 icon = &last->icon[last->icon_count++];
1952 icon->id = atoi(buf + 5);
1953 pos = strchr(buf, ':');
1954 if (pos == NULL)
1955 continue;
1956 pos = strchr(pos + 1, ':');
1957 if (pos == NULL)
1958 continue;
1959 pos = strchr(pos + 1, ':');
1960 if (pos == NULL)
1961 continue;
1962 pos++;
1963 end = strchr(pos, ':');
1964 if (!end)
1965 continue;
1966 *end = '\0';
1967 snprintf(icon->lang, sizeof(icon->lang), "%s", pos);
1968 pos = end + 1;
1969
1970 end = strchr(pos, ':');
1971 if (end)
1972 *end = '\0';
1973 snprintf(icon->mime_type, sizeof(icon->mime_type),
1974 "%s", pos);
1975 if (!pos)
1976 continue;
1977 pos = end + 1;
1978
1979 end = strchr(pos, ':');
1980 if (end)
1981 *end = '\0';
1982 snprintf(icon->filename, sizeof(icon->filename),
1983 "%s", pos);
1984 continue;
1985 }
1986 }
1987
1988 fclose(f);
1989
1990 *count = osu_count;
1991 return osu;
1992 }
1993
1994
1995 static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
1996 const char *ssid, const char *url, const char *ca_fname,
1997 unsigned int methods, int no_prod_assoc,
1998 const char *osu_nai)
1999 {
2000 int id;
2001 const char *ifname = ctx->ifname;
2002 char buf[200];
2003 struct wpa_ctrl *mon;
2004 int res;
2005
2006 id = add_network(ifname);
2007 if (id < 0)
2008 return -1;
2009 if (set_network_quoted(ifname, id, "ssid", ssid) < 0)
2010 return -1;
2011 if (osu_nai && os_strlen(osu_nai) > 0) {
2012 char dir[255], fname[300];
2013 if (getcwd(dir, sizeof(dir)) == NULL)
2014 return -1;
2015 os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
2016
2017 if (set_network(ifname, id, "proto", "OSEN") < 0 ||
2018 set_network(ifname, id, "key_mgmt", "OSEN") < 0 ||
2019 set_network(ifname, id, "pairwise", "CCMP") < 0 ||
2020 set_network(ifname, id, "group", "GTK_NOT_USED") < 0 ||
2021 set_network(ifname, id, "eap", "WFA-UNAUTH-TLS") < 0 ||
2022 set_network(ifname, id, "ocsp", "2") < 0 ||
2023 set_network_quoted(ifname, id, "identity", osu_nai) < 0 ||
2024 set_network_quoted(ifname, id, "ca_cert", fname) < 0)
2025 return -1;
2026 } else {
2027 if (set_network(ifname, id, "key_mgmt", "NONE") < 0)
2028 return -1;
2029 }
2030
2031 mon = open_wpa_mon(ifname);
2032 if (mon == NULL)
2033 return -1;
2034
2035 wpa_printf(MSG_INFO, "Associate with OSU SSID");
2036 write_summary(ctx, "Associate with OSU SSID");
2037 snprintf(buf, sizeof(buf), "SELECT_NETWORK %d", id);
2038 if (wpa_command(ifname, buf) < 0)
2039 return -1;
2040
2041 res = get_wpa_cli_event(mon, "CTRL-EVENT-CONNECTED",
2042 buf, sizeof(buf));
2043
2044 wpa_ctrl_detach(mon);
2045 wpa_ctrl_close(mon);
2046
2047 if (res < 0) {
2048 wpa_printf(MSG_INFO, "Could not connect");
2049 write_summary(ctx, "Could not connect to OSU network");
2050 wpa_printf(MSG_INFO, "Remove OSU network connection");
2051 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2052 wpa_command(ifname, buf);
2053 return -1;
2054 }
2055
2056 write_summary(ctx, "Waiting for IP address for subscription registration");
2057 if (wait_ip_addr(ifname, 15) < 0) {
2058 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2059 }
2060
2061 if (no_prod_assoc) {
2062 if (res < 0)
2063 return -1;
2064 wpa_printf(MSG_INFO, "No production connection used for testing purposes");
2065 write_summary(ctx, "No production connection used for testing purposes");
2066 return 0;
2067 }
2068
2069 ctx->no_reconnect = 1;
2070 if (methods & 0x02)
2071 res = cmd_prov(ctx, url, ca_fname);
2072 else if (methods & 0x01)
2073 res = cmd_oma_dm_prov(ctx, url, ca_fname);
2074
2075 wpa_printf(MSG_INFO, "Remove OSU network connection");
2076 write_summary(ctx, "Remove OSU network connection");
2077 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2078 wpa_command(ifname, buf);
2079
2080 if (res < 0)
2081 return -1;
2082
2083 wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
2084 write_summary(ctx, "Requesting reconnection with updated configuration");
2085 if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
2086 wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
2087 write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
2088 return -1;
2089 }
2090
2091 return 0;
2092 }
2093
2094
2095 static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
2096 int connect, const char *ca_fname, int no_prod_assoc,
2097 const char *friendly_name)
2098 {
2099 char fname[255];
2100 FILE *f;
2101 struct osu_data *osu = NULL, *last = NULL;
2102 size_t osu_count, i, j;
2103 int ret;
2104
2105 write_summary(ctx, "OSU provider selection");
2106
2107 if (dir == NULL) {
2108 wpa_printf(MSG_INFO, "Missing dir parameter to osu_select");
2109 return -1;
2110 }
2111
2112 snprintf(fname, sizeof(fname), "%s/osu-providers.txt", dir);
2113 osu = parse_osu_providers(fname, &osu_count);
2114 if (osu == NULL) {
2115 wpa_printf(MSG_INFO, "Could not any OSU providers from %s",
2116 fname);
2117 write_result(ctx, "No OSU providers available");
2118 return -1;
2119 }
2120
2121 if (friendly_name) {
2122 for (i = 0; i < osu_count; i++) {
2123 last = &osu[i];
2124 for (j = 0; j < last->friendly_name_count; j++) {
2125 if (os_strcmp(last->friendly_name[j].text,
2126 friendly_name) == 0)
2127 break;
2128 }
2129 if (j < last->friendly_name_count)
2130 break;
2131 }
2132 if (i == osu_count) {
2133 wpa_printf(MSG_INFO, "Requested operator friendly name '%s' not found in the list of available providers",
2134 friendly_name);
2135 write_summary(ctx, "Requested operator friendly name '%s' not found in the list of available providers",
2136 friendly_name);
2137 free(osu);
2138 return -1;
2139 }
2140
2141 wpa_printf(MSG_INFO, "OSU Provider selected based on requested operator friendly name '%s'",
2142 friendly_name);
2143 write_summary(ctx, "OSU Provider selected based on requested operator friendly name '%s'",
2144 friendly_name);
2145 ret = i + 1;
2146 goto selected;
2147 }
2148
2149 snprintf(fname, sizeof(fname), "%s/osu-providers.html", dir);
2150 f = fopen(fname, "w");
2151 if (f == NULL) {
2152 wpa_printf(MSG_INFO, "Could not open %s", fname);
2153 free(osu);
2154 return -1;
2155 }
2156
2157 fprintf(f, "<html><head>"
2158 "<meta http-equiv=\"Content-type\" content=\"text/html; "
2159 "charset=utf-8\"<title>Select service operator</title>"
2160 "</head><body><h1>Select service operator</h1>\n");
2161
2162 if (osu_count == 0)
2163 fprintf(f, "No online signup available\n");
2164
2165 for (i = 0; i < osu_count; i++) {
2166 last = &osu[i];
2167 #ifdef ANDROID
2168 fprintf(f, "<p>\n"
2169 "<a href=\"http://localhost:12345/osu/%d\">"
2170 "<table><tr><td>", (int) i + 1);
2171 #else /* ANDROID */
2172 fprintf(f, "<p>\n"
2173 "<a href=\"osu://%d\">"
2174 "<table><tr><td>", (int) i + 1);
2175 #endif /* ANDROID */
2176 for (j = 0; j < last->icon_count; j++) {
2177 fprintf(f, "<img src=\"osu-icon-%d.%s\">\n",
2178 last->icon[j].id,
2179 strcasecmp(last->icon[j].mime_type,
2180 "image/png") == 0 ? "png" : "icon");
2181 }
2182 fprintf(f, "<td>");
2183 for (j = 0; j < last->friendly_name_count; j++) {
2184 fprintf(f, "<small>[%s]</small> %s<br>\n",
2185 last->friendly_name[j].lang,
2186 last->friendly_name[j].text);
2187 }
2188 fprintf(f, "<tr><td colspan=2>");
2189 for (j = 0; j < last->serv_desc_count; j++) {
2190 fprintf(f, "<small>[%s]</small> %s<br>\n",
2191 last->serv_desc[j].lang,
2192 last->serv_desc[j].text);
2193 }
2194 fprintf(f, "</table></a><br><small>BSSID: %s<br>\n"
2195 "SSID: %s<br>\n",
2196 last->bssid, last->osu_ssid);
2197 if (last->osu_nai)
2198 fprintf(f, "NAI: %s<br>\n", last->osu_nai);
2199 fprintf(f, "URL: %s<br>\n"
2200 "methods:%s%s<br>\n"
2201 "</small></p>\n",
2202 last->url,
2203 last->methods & 0x01 ? " OMA-DM" : "",
2204 last->methods & 0x02 ? " SOAP-XML-SPP" : "");
2205 }
2206
2207 fprintf(f, "</body></html>\n");
2208
2209 fclose(f);
2210
2211 snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
2212 write_summary(ctx, "Start web browser with OSU provider selection page");
2213 ret = hs20_web_browser(fname);
2214
2215 selected:
2216 if (ret > 0 && (size_t) ret <= osu_count) {
2217 char *data;
2218 size_t data_len;
2219
2220 wpa_printf(MSG_INFO, "Selected OSU id=%d", ret);
2221 last = &osu[ret - 1];
2222 ret = 0;
2223 wpa_printf(MSG_INFO, "BSSID: %s", last->bssid);
2224 wpa_printf(MSG_INFO, "SSID: %s", last->osu_ssid);
2225 wpa_printf(MSG_INFO, "URL: %s", last->url);
2226 write_summary(ctx, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
2227 ret, last->bssid, last->osu_ssid, last->url);
2228
2229 ctx->friendly_name_count = last->friendly_name_count;
2230 for (j = 0; j < last->friendly_name_count; j++) {
2231 wpa_printf(MSG_INFO, "FRIENDLY_NAME: [%s]%s",
2232 last->friendly_name[j].lang,
2233 last->friendly_name[j].text);
2234 os_strlcpy(ctx->friendly_name[j].lang,
2235 last->friendly_name[j].lang,
2236 sizeof(ctx->friendly_name[j].lang));
2237 os_strlcpy(ctx->friendly_name[j].text,
2238 last->friendly_name[j].text,
2239 sizeof(ctx->friendly_name[j].text));
2240 }
2241
2242 ctx->icon_count = last->icon_count;
2243 for (j = 0; j < last->icon_count; j++) {
2244 char fname[256];
2245
2246 os_snprintf(fname, sizeof(fname), "%s/osu-icon-%d.%s",
2247 dir, last->icon[j].id,
2248 strcasecmp(last->icon[j].mime_type,
2249 "image/png") == 0 ?
2250 "png" : "icon");
2251 wpa_printf(MSG_INFO, "ICON: %s (%s)",
2252 fname, last->icon[j].filename);
2253 os_strlcpy(ctx->icon_filename[j],
2254 last->icon[j].filename,
2255 sizeof(ctx->icon_filename[j]));
2256
2257 data = os_readfile(fname, &data_len);
2258 if (data) {
2259 sha256_vector(1, (const u8 **) &data, &data_len,
2260 ctx->icon_hash[j]);
2261 os_free(data);
2262 }
2263 }
2264
2265 if (connect == 2) {
2266 if (last->methods & 0x02)
2267 ret = cmd_prov(ctx, last->url, ca_fname);
2268 else if (last->methods & 0x01)
2269 ret = cmd_oma_dm_prov(ctx, last->url, ca_fname);
2270 else
2271 ret = -1;
2272 } else if (connect)
2273 ret = osu_connect(ctx, last->bssid, last->osu_ssid,
2274 last->url, ca_fname, last->methods,
2275 no_prod_assoc, last->osu_nai);
2276 } else
2277 ret = -1;
2278
2279 free(osu);
2280
2281 return ret;
2282 }
2283
2284
2285 static int cmd_signup(struct hs20_osu_client *ctx, const char *ca_fname,
2286 int no_prod_assoc, const char *friendly_name)
2287 {
2288 char dir[255];
2289 char fname[300], buf[400];
2290 struct wpa_ctrl *mon;
2291 const char *ifname;
2292 int res;
2293
2294 ifname = ctx->ifname;
2295
2296 if (getcwd(dir, sizeof(dir)) == NULL)
2297 return -1;
2298
2299 snprintf(fname, sizeof(fname), "%s/osu-info", dir);
2300 if (mkdir(fname, S_IRWXU | S_IRWXG) < 0 && errno != EEXIST) {
2301 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
2302 fname, strerror(errno));
2303 return -1;
2304 }
2305
2306 snprintf(buf, sizeof(buf), "SET osu_dir %s", fname);
2307 if (wpa_command(ifname, buf) < 0) {
2308 wpa_printf(MSG_INFO, "Failed to configure osu_dir to wpa_supplicant");
2309 return -1;
2310 }
2311
2312 mon = open_wpa_mon(ifname);
2313 if (mon == NULL)
2314 return -1;
2315
2316 wpa_printf(MSG_INFO, "Starting OSU fetch");
2317 write_summary(ctx, "Starting OSU provider information fetch");
2318 if (wpa_command(ifname, "FETCH_OSU") < 0) {
2319 wpa_printf(MSG_INFO, "Could not start OSU fetch");
2320 wpa_ctrl_detach(mon);
2321 wpa_ctrl_close(mon);
2322 return -1;
2323 }
2324 res = get_wpa_cli_event(mon, "OSU provider fetch completed",
2325 buf, sizeof(buf));
2326
2327 wpa_ctrl_detach(mon);
2328 wpa_ctrl_close(mon);
2329
2330 if (res < 0) {
2331 wpa_printf(MSG_INFO, "OSU fetch did not complete");
2332 write_summary(ctx, "OSU fetch did not complete");
2333 return -1;
2334 }
2335 wpa_printf(MSG_INFO, "OSU provider fetch completed");
2336
2337 return cmd_osu_select(ctx, fname, 1, ca_fname, no_prod_assoc,
2338 friendly_name);
2339 }
2340
2341
2342 static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
2343 const char *pps_fname, const char *ca_fname)
2344 {
2345 xml_node_t *pps, *node;
2346 char pps_fname_buf[300];
2347 char ca_fname_buf[200];
2348 char *cred_username = NULL;
2349 char *cred_password = NULL;
2350 char *sub_rem_uri = NULL;
2351 char client_cert_buf[200];
2352 char *client_cert = NULL;
2353 char client_key_buf[200];
2354 char *client_key = NULL;
2355 int spp;
2356
2357 ctx->ca_fname = ca_fname;
2358
2359 wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
2360 address);
2361
2362 if (!pps_fname) {
2363 char buf[256];
2364 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2365 if (os_strncmp(address, "fqdn=", 5) == 0) {
2366 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2367 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2368 address = NULL;
2369 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2370 sizeof(buf)) < 0) {
2371 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2372 return;
2373 }
2374 os_free(ctx->fqdn);
2375 ctx->fqdn = os_strdup(buf);
2376 if (ctx->fqdn == NULL)
2377 return;
2378 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2379 buf);
2380 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2381 "SP/%s/pps.xml", ctx->fqdn);
2382 pps_fname = pps_fname_buf;
2383
2384 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2385 ctx->fqdn);
2386 ca_fname = ca_fname_buf;
2387 }
2388
2389 if (!os_file_exists(pps_fname)) {
2390 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2391 pps_fname);
2392 return;
2393 }
2394 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2395
2396 if (ca_fname && !os_file_exists(ca_fname)) {
2397 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2398 ca_fname);
2399 return;
2400 }
2401 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
2402
2403 pps = node_from_file(ctx->xml, pps_fname);
2404 if (pps == NULL) {
2405 wpa_printf(MSG_INFO, "Could not read PPS MO");
2406 return;
2407 }
2408
2409 if (!ctx->fqdn) {
2410 char *tmp;
2411 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2412 if (node == NULL) {
2413 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
2414 return;
2415 }
2416 tmp = xml_node_get_text(ctx->xml, node);
2417 if (tmp == NULL) {
2418 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
2419 return;
2420 }
2421 ctx->fqdn = os_strdup(tmp);
2422 xml_node_get_text_free(ctx->xml, tmp);
2423 if (!ctx->fqdn) {
2424 wpa_printf(MSG_INFO, "No FQDN known");
2425 return;
2426 }
2427 }
2428
2429 node = get_child_node(ctx->xml, pps,
2430 "SubscriptionUpdate/UpdateMethod");
2431 if (node) {
2432 char *tmp;
2433 tmp = xml_node_get_text(ctx->xml, node);
2434 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2435 spp = 0;
2436 else
2437 spp = 1;
2438 } else {
2439 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2440 spp = 1;
2441 }
2442
2443 get_user_pw(ctx, pps, "SubscriptionUpdate/UsernamePassword",
2444 &cred_username, &cred_password);
2445 if (cred_username)
2446 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2447 if (cred_password)
2448 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2449
2450 if (cred_username == NULL && cred_password == NULL &&
2451 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2452 wpa_printf(MSG_INFO, "Using client certificate");
2453 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2454 "SP/%s/client-cert.pem", ctx->fqdn);
2455 client_cert = client_cert_buf;
2456 os_snprintf(client_key_buf, sizeof(client_key_buf),
2457 "SP/%s/client-key.pem", ctx->fqdn);
2458 client_key = client_key_buf;
2459 ctx->client_cert_present = 1;
2460 }
2461
2462 node = get_child_node(ctx->xml, pps, "SubscriptionUpdate/URI");
2463 if (node) {
2464 sub_rem_uri = xml_node_get_text(ctx->xml, node);
2465 if (sub_rem_uri &&
2466 (!address || os_strcmp(address, sub_rem_uri) != 0)) {
2467 wpa_printf(MSG_INFO, "Override sub rem URI based on PPS: %s",
2468 sub_rem_uri);
2469 address = sub_rem_uri;
2470 }
2471 }
2472 if (!address) {
2473 wpa_printf(MSG_INFO, "Server URL not known");
2474 return;
2475 }
2476
2477 write_summary(ctx, "Wait for IP address for subscriptiom remediation");
2478 wpa_printf(MSG_INFO, "Wait for IP address before starting subscription remediation");
2479
2480 if (wait_ip_addr(ctx->ifname, 15) < 0) {
2481 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2482 }
2483
2484 if (spp)
2485 spp_sub_rem(ctx, address, pps_fname, ca_fname,
2486 client_cert, client_key,
2487 cred_username, cred_password, pps);
2488 else
2489 oma_dm_sub_rem(ctx, address, pps_fname, ca_fname,
2490 client_cert, client_key,
2491 cred_username, cred_password, pps);
2492
2493 xml_node_get_text_free(ctx->xml, sub_rem_uri);
2494 xml_node_get_text_free(ctx->xml, cred_username);
2495 os_free(cred_password);
2496 xml_node_free(ctx->xml, pps);
2497 }
2498
2499
2500 static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
2501 const char *pps_fname, const char *ca_fname)
2502 {
2503 xml_node_t *pps;
2504 xml_node_t *node;
2505 char pps_fname_buf[300];
2506 char ca_fname_buf[200];
2507 char *uri = NULL;
2508 char *cred_username = NULL;
2509 char *cred_password = NULL;
2510 char client_cert_buf[200];
2511 char *client_cert = NULL;
2512 char client_key_buf[200];
2513 char *client_key = NULL;
2514 int spp;
2515
2516 wpa_printf(MSG_INFO, "Policy update requested");
2517
2518 if (!pps_fname) {
2519 char buf[256];
2520 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2521 if (os_strncmp(address, "fqdn=", 5) == 0) {
2522 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2523 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2524 address = NULL;
2525 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2526 sizeof(buf)) < 0) {
2527 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2528 return -1;
2529 }
2530 os_free(ctx->fqdn);
2531 ctx->fqdn = os_strdup(buf);
2532 if (ctx->fqdn == NULL)
2533 return -1;
2534 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2535 buf);
2536 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2537 "SP/%s/pps.xml", ctx->fqdn);
2538 pps_fname = pps_fname_buf;
2539
2540 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2541 buf);
2542 ca_fname = ca_fname_buf;
2543 }
2544
2545 if (!os_file_exists(pps_fname)) {
2546 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2547 pps_fname);
2548 return -1;
2549 }
2550 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2551
2552 if (ca_fname && !os_file_exists(ca_fname)) {
2553 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2554 ca_fname);
2555 return -1;
2556 }
2557 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
2558
2559 pps = node_from_file(ctx->xml, pps_fname);
2560 if (pps == NULL) {
2561 wpa_printf(MSG_INFO, "Could not read PPS MO");
2562 return -1;
2563 }
2564
2565 if (!ctx->fqdn) {
2566 char *tmp;
2567 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2568 if (node == NULL) {
2569 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
2570 return -1;
2571 }
2572 tmp = xml_node_get_text(ctx->xml, node);
2573 if (tmp == NULL) {
2574 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
2575 return -1;
2576 }
2577 ctx->fqdn = os_strdup(tmp);
2578 xml_node_get_text_free(ctx->xml, tmp);
2579 if (!ctx->fqdn) {
2580 wpa_printf(MSG_INFO, "No FQDN known");
2581 return -1;
2582 }
2583 }
2584
2585 node = get_child_node(ctx->xml, pps,
2586 "Policy/PolicyUpdate/UpdateMethod");
2587 if (node) {
2588 char *tmp;
2589 tmp = xml_node_get_text(ctx->xml, node);
2590 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2591 spp = 0;
2592 else
2593 spp = 1;
2594 } else {
2595 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2596 spp = 1;
2597 }
2598
2599 get_user_pw(ctx, pps, "Policy/PolicyUpdate/UsernamePassword",
2600 &cred_username, &cred_password);
2601 if (cred_username)
2602 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2603 if (cred_password)
2604 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2605
2606 if (cred_username == NULL && cred_password == NULL &&
2607 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2608 wpa_printf(MSG_INFO, "Using client certificate");
2609 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2610 "SP/%s/client-cert.pem", ctx->fqdn);
2611 client_cert = client_cert_buf;
2612 os_snprintf(client_key_buf, sizeof(client_key_buf),
2613 "SP/%s/client-key.pem", ctx->fqdn);
2614 client_key = client_key_buf;
2615 }
2616
2617 if (!address) {
2618 node = get_child_node(ctx->xml, pps, "Policy/PolicyUpdate/URI");
2619 if (node) {
2620 uri = xml_node_get_text(ctx->xml, node);
2621 wpa_printf(MSG_INFO, "URI based on PPS: %s", uri);
2622 address = uri;
2623 }
2624 }
2625 if (!address) {
2626 wpa_printf(MSG_INFO, "Server URL not known");
2627 return -1;
2628 }
2629
2630 if (spp)
2631 spp_pol_upd(ctx, address, pps_fname, ca_fname,
2632 client_cert, client_key,
2633 cred_username, cred_password, pps);
2634 else
2635 oma_dm_pol_upd(ctx, address, pps_fname, ca_fname,
2636 client_cert, client_key,
2637 cred_username, cred_password, pps);
2638
2639 xml_node_get_text_free(ctx->xml, uri);
2640 xml_node_get_text_free(ctx->xml, cred_username);
2641 os_free(cred_password);
2642 xml_node_free(ctx->xml, pps);
2643
2644 return 0;
2645 }
2646
2647
2648 static char * get_hostname(const char *url)
2649 {
2650 const char *pos, *end, *end2;
2651 char *ret;
2652
2653 if (url == NULL)
2654 return NULL;
2655
2656 pos = os_strchr(url, '/');
2657 if (pos == NULL)
2658 return NULL;
2659 pos++;
2660 if (*pos != '/')
2661 return NULL;
2662 pos++;
2663
2664 end = os_strchr(pos, '/');
2665 end2 = os_strchr(pos, ':');
2666 if (end && end2 && end2 < end)
2667 end = end2;
2668 if (end)
2669 end--;
2670 else {
2671 end = pos;
2672 while (*end)
2673 end++;
2674 if (end > pos)
2675 end--;
2676 }
2677
2678 ret = os_malloc(end - pos + 2);
2679 if (ret == NULL)
2680 return NULL;
2681
2682 os_memcpy(ret, pos, end - pos + 1);
2683 ret[end - pos + 1] = '\0';
2684
2685 return ret;
2686 }
2687
2688
2689 static int osu_cert_cb(void *_ctx, struct http_cert *cert)
2690 {
2691 struct hs20_osu_client *ctx = _ctx;
2692 unsigned int i, j;
2693 int found;
2694 char *host = NULL;
2695
2696 wpa_printf(MSG_INFO, "osu_cert_cb");
2697
2698 host = get_hostname(ctx->server_url);
2699
2700 for (i = 0; i < ctx->server_dnsname_count; i++)
2701 os_free(ctx->server_dnsname[i]);
2702 os_free(ctx->server_dnsname);
2703 ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
2704 ctx->server_dnsname_count = 0;
2705
2706 found = 0;
2707 for (i = 0; i < cert->num_dnsname; i++) {
2708 if (ctx->server_dnsname) {
2709 ctx->server_dnsname[ctx->server_dnsname_count] =
2710 os_strdup(cert->dnsname[i]);
2711 if (ctx->server_dnsname[ctx->server_dnsname_count])
2712 ctx->server_dnsname_count++;
2713 }
2714 if (host && os_strcasecmp(host, cert->dnsname[i]) == 0)
2715 found = 1;
2716 wpa_printf(MSG_INFO, "dNSName '%s'", cert->dnsname[i]);
2717 }
2718
2719 if (host && !found) {
2720 wpa_printf(MSG_INFO, "Server name from URL (%s) did not match any dNSName - abort connection",
2721 host);
2722 write_result(ctx, "Server name from URL (%s) did not match any dNSName - abort connection",
2723 host);
2724 os_free(host);
2725 return -1;
2726 }
2727
2728 os_free(host);
2729
2730 for (i = 0; i < cert->num_othername; i++) {
2731 if (os_strcmp(cert->othername[i].oid,
2732 "1.3.6.1.4.1.40808.1.1.1") == 0) {
2733 wpa_hexdump_ascii(MSG_INFO,
2734 "id-wfa-hotspot-friendlyName",
2735 cert->othername[i].data,
2736 cert->othername[i].len);
2737 }
2738 }
2739
2740 for (j = 0; j < ctx->friendly_name_count; j++) {
2741 int found = 0;
2742 for (i = 0; i < cert->num_othername; i++) {
2743 if (os_strcmp(cert->othername[i].oid,
2744 "1.3.6.1.4.1.40808.1.1.1") != 0)
2745 continue;
2746 if (cert->othername[i].len < 3)
2747 continue;
2748 if (os_strncasecmp((char *) cert->othername[i].data,
2749 ctx->friendly_name[j].lang, 3) != 0)
2750 continue;
2751 if (os_strncmp((char *) cert->othername[i].data + 3,
2752 ctx->friendly_name[j].text,
2753 cert->othername[i].len - 3) == 0) {
2754 found = 1;
2755 break;
2756 }
2757 }
2758
2759 if (!found) {
2760 wpa_printf(MSG_INFO, "No friendly name match found for '[%s]%s'",
2761 ctx->friendly_name[j].lang,
2762 ctx->friendly_name[j].text);
2763 write_result(ctx, "No friendly name match found for '[%s]%s'",
2764 ctx->friendly_name[j].lang,
2765 ctx->friendly_name[j].text);
2766 return -1;
2767 }
2768 }
2769
2770 for (i = 0; i < cert->num_logo; i++) {
2771 struct http_logo *logo = &cert->logo[i];
2772
2773 wpa_printf(MSG_INFO, "logo hash alg %s uri '%s'",
2774 logo->alg_oid, logo->uri);
2775 wpa_hexdump_ascii(MSG_INFO, "hashValue",
2776 logo->hash, logo->hash_len);
2777 }
2778
2779 for (j = 0; j < ctx->icon_count; j++) {
2780 int found = 0;
2781 char *name = ctx->icon_filename[j];
2782 size_t name_len = os_strlen(name);
2783
2784 wpa_printf(MSG_INFO, "Looking for icon file name '%s' match",
2785 name);
2786 for (i = 0; i < cert->num_logo; i++) {
2787 struct http_logo *logo = &cert->logo[i];
2788 size_t uri_len = os_strlen(logo->uri);
2789 char *pos;
2790
2791 wpa_printf(MSG_INFO, "Comparing to '%s' uri_len=%d name_len=%d",
2792 logo->uri, (int) uri_len, (int) name_len);
2793 if (uri_len < 1 + name_len)
2794 continue;
2795 pos = &logo->uri[uri_len - name_len - 1];
2796 if (*pos != '/')
2797 continue;
2798 pos++;
2799 if (os_strcmp(pos, name) == 0) {
2800 found = 1;
2801 break;
2802 }
2803 }
2804
2805 if (!found) {
2806 wpa_printf(MSG_INFO, "No icon filename match found for '%s'",
2807 name);
2808 write_result(ctx,
2809 "No icon filename match found for '%s'",
2810 name);
2811 return -1;
2812 }
2813 }
2814
2815 for (j = 0; j < ctx->icon_count; j++) {
2816 int found = 0;
2817
2818 for (i = 0; i < cert->num_logo; i++) {
2819 struct http_logo *logo = &cert->logo[i];
2820
2821 if (logo->hash_len != 32)
2822 continue;
2823 if (os_memcmp(logo->hash, ctx->icon_hash[j], 32) == 0) {
2824 found = 1;
2825 break;
2826 }
2827 }
2828
2829 if (!found) {
2830 wpa_printf(MSG_INFO, "No icon hash match found");
2831 write_result(ctx, "No icon hash match found");
2832 return -1;
2833 }
2834 }
2835
2836 return 0;
2837 }
2838
2839
2840 static int init_ctx(struct hs20_osu_client *ctx)
2841 {
2842 xml_node_t *devinfo, *devid;
2843
2844 os_memset(ctx, 0, sizeof(*ctx));
2845 ctx->ifname = "wlan0";
2846 ctx->xml = xml_node_init_ctx(ctx, NULL);
2847 if (ctx->xml == NULL)
2848 return -1;
2849
2850 devinfo = node_from_file(ctx->xml, "devinfo.xml");
2851 if (!devinfo) {
2852 wpa_printf(MSG_ERROR, "devinfo.xml not found");
2853 return -1;
2854 }
2855
2856 devid = get_node(ctx->xml, devinfo, "DevId");
2857 if (devid) {
2858 char *tmp = xml_node_get_text(ctx->xml, devid);
2859 if (tmp) {
2860 ctx->devid = os_strdup(tmp);
2861 xml_node_get_text_free(ctx->xml, tmp);
2862 }
2863 }
2864 xml_node_free(ctx->xml, devinfo);
2865
2866 if (ctx->devid == NULL) {
2867 wpa_printf(MSG_ERROR, "Could not fetch DevId from devinfo.xml");
2868 return -1;
2869 }
2870
2871 ctx->http = http_init_ctx(ctx, ctx->xml);
2872 if (ctx->http == NULL) {
2873 xml_node_deinit_ctx(ctx->xml);
2874 return -1;
2875 }
2876 http_ocsp_set(ctx->http, 2);
2877 http_set_cert_cb(ctx->http, osu_cert_cb, ctx);
2878
2879 return 0;
2880 }
2881
2882
2883 static void deinit_ctx(struct hs20_osu_client *ctx)
2884 {
2885 size_t i;
2886
2887 http_deinit_ctx(ctx->http);
2888 xml_node_deinit_ctx(ctx->xml);
2889 os_free(ctx->fqdn);
2890 os_free(ctx->server_url);
2891 os_free(ctx->devid);
2892
2893 for (i = 0; i < ctx->server_dnsname_count; i++)
2894 os_free(ctx->server_dnsname[i]);
2895 os_free(ctx->server_dnsname);
2896 }
2897
2898
2899 static void check_workarounds(struct hs20_osu_client *ctx)
2900 {
2901 FILE *f;
2902 char buf[100];
2903 unsigned long int val = 0;
2904
2905 f = fopen("hs20-osu-client.workarounds", "r");
2906 if (f == NULL)
2907 return;
2908
2909 if (fgets(buf, sizeof(buf), f))
2910 val = strtoul(buf, NULL, 16);
2911
2912 fclose(f);
2913
2914 if (val) {
2915 wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val);
2916 ctx->workarounds = val;
2917 if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL)
2918 http_ocsp_set(ctx->http, 1);
2919 }
2920 }
2921
2922
2923 static void usage(void)
2924 {
2925 printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
2926 " [-w<wpa_supplicant ctrl_iface dir>] "
2927 "[-r<result file>] [-f<debug file>] \\\n"
2928 " [-s<summary file>] \\\n"
2929 " <command> [arguments..]\n"
2930 "commands:\n"
2931 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
2932 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
2933 "[URN]>\n"
2934 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
2935 "- set_pps <PerProviderSubscription XML file name>\n"
2936 "- get_fqdn <PerProviderSubscription XML file name>\n"
2937 "- pol_upd [Server URL] [PPS] [CA cert]\n"
2938 "- sub_rem <Server URL> [PPS] [CA cert]\n"
2939 "- prov <Server URL> [CA cert]\n"
2940 "- oma_dm_prov <Server URL> [CA cert]\n"
2941 "- sim_prov <Server URL> [CA cert]\n"
2942 "- oma_dm_sim_prov <Server URL> [CA cert]\n"
2943 "- signup [CA cert]\n"
2944 "- dl_osu_ca <PPS> <CA file>\n"
2945 "- dl_polupd_ca <PPS> <CA file>\n"
2946 "- dl_aaa_ca <PPS> <CA file>\n"
2947 "- browser <URL>\n"
2948 "- osu_select <OSU info directory> [CA cert]\n");
2949 }
2950
2951
2952 int main(int argc, char *argv[])
2953 {
2954 struct hs20_osu_client ctx;
2955 int c;
2956 int ret = 0;
2957 int no_prod_assoc = 0;
2958 const char *friendly_name = NULL;
2959 const char *wpa_debug_file_path = NULL;
2960 extern char *wpas_ctrl_path;
2961 extern int wpa_debug_level;
2962 extern int wpa_debug_show_keys;
2963 extern int wpa_debug_timestamp;
2964
2965 if (init_ctx(&ctx) < 0)
2966 return -1;
2967
2968 for (;;) {
2969 c = getopt(argc, argv, "df:hi:KNO:qr:s:S:tw:");
2970 if (c < 0)
2971 break;
2972 switch (c) {
2973 case 'd':
2974 if (wpa_debug_level > 0)
2975 wpa_debug_level--;
2976 break;
2977 case 'f':
2978 wpa_debug_file_path = optarg;
2979 break;
2980 case 'K':
2981 wpa_debug_show_keys++;
2982 break;
2983 case 'N':
2984 no_prod_assoc = 1;
2985 break;
2986 case 'O':
2987 friendly_name = optarg;
2988 break;
2989 case 'q':
2990 wpa_debug_level++;
2991 break;
2992 case 'r':
2993 ctx.result_file = optarg;
2994 break;
2995 case 's':
2996 ctx.summary_file = optarg;
2997 break;
2998 case 'S':
2999 ctx.ifname = optarg;
3000 break;
3001 case 't':
3002 wpa_debug_timestamp++;
3003 break;
3004 case 'w':
3005 wpas_ctrl_path = optarg;
3006 break;
3007 case 'h':
3008 default:
3009 usage();
3010 exit(0);
3011 break;
3012 }
3013 }
3014
3015 if (argc - optind < 1) {
3016 usage();
3017 exit(0);
3018 }
3019
3020 wpa_debug_open_file(wpa_debug_file_path);
3021
3022 #ifdef __linux__
3023 setlinebuf(stdout);
3024 #endif /* __linux__ */
3025
3026 if (ctx.result_file)
3027 unlink(ctx.result_file);
3028 wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======"
3029 "================", argv[optind]);
3030 check_workarounds(&ctx);
3031
3032 if (strcmp(argv[optind], "to_tnds") == 0) {
3033 if (argc - optind < 2) {
3034 usage();
3035 exit(0);
3036 }
3037 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3038 argc > optind + 3 ? argv[optind + 3] : NULL,
3039 0);
3040 } else if (strcmp(argv[optind], "to_tnds2") == 0) {
3041 if (argc - optind < 2) {
3042 usage();
3043 exit(0);
3044 }
3045 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3046 argc > optind + 3 ? argv[optind + 3] : NULL,
3047 1);
3048 } else if (strcmp(argv[optind], "from_tnds") == 0) {
3049 if (argc - optind < 2) {
3050 usage();
3051 exit(0);
3052 }
3053 cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]);
3054 } else if (strcmp(argv[optind], "sub_rem") == 0) {
3055 if (argc - optind < 2) {
3056 usage();
3057 exit(0);
3058 }
3059 if (argc - optind < 2)
3060 wpa_printf(MSG_ERROR, "Server URL missing from command line");
3061 else
3062 cmd_sub_rem(&ctx, argv[optind + 1],
3063 argc > optind + 2 ? argv[optind + 2] : NULL,
3064 argc > optind + 3 ? argv[optind + 3] :
3065 NULL);
3066 } else if (strcmp(argv[optind], "pol_upd") == 0) {
3067 if (argc - optind < 2) {
3068 usage();
3069 exit(0);
3070 }
3071 ret = cmd_pol_upd(&ctx, argc > 2 ? argv[optind + 1] : NULL,
3072 argc > optind + 2 ? argv[optind + 2] : NULL,
3073 argc > optind + 3 ? argv[optind + 3] : NULL);
3074 } else if (strcmp(argv[optind], "prov") == 0) {
3075 if (argc - optind < 2) {
3076 usage();
3077 exit(0);
3078 }
3079 cmd_prov(&ctx, argv[optind + 1], argv[optind + 2]);
3080 } else if (strcmp(argv[optind], "sim_prov") == 0) {
3081 if (argc - optind < 2) {
3082 usage();
3083 exit(0);
3084 }
3085 cmd_sim_prov(&ctx, argv[optind + 1], argv[optind + 2]);
3086 } else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
3087 if (argc - optind < 2) {
3088 usage();
3089 exit(0);
3090 }
3091 cmd_dl_osu_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3092 } else if (strcmp(argv[optind], "dl_polupd_ca") == 0) {
3093 if (argc - optind < 2) {
3094 usage();
3095 exit(0);
3096 }
3097 cmd_dl_polupd_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3098 } else if (strcmp(argv[optind], "dl_aaa_ca") == 0) {
3099 if (argc - optind < 2) {
3100 usage();
3101 exit(0);
3102 }
3103 cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3104 } else if (strcmp(argv[optind], "osu_select") == 0) {
3105 if (argc - optind < 2) {
3106 usage();
3107 exit(0);
3108 }
3109 cmd_osu_select(&ctx, argv[optind + 1], 2,
3110 argc > optind + 2 ? argv[optind + 2] : NULL,
3111 1, NULL);
3112 } else if (strcmp(argv[optind], "signup") == 0) {
3113 ret = cmd_signup(&ctx,
3114 argc > optind + 1 ? argv[optind + 1] : NULL,
3115 no_prod_assoc, friendly_name);
3116 } else if (strcmp(argv[optind], "set_pps") == 0) {
3117 if (argc - optind < 2) {
3118 usage();
3119 exit(0);
3120 }
3121 cmd_set_pps(&ctx, argv[optind + 1]);
3122 } else if (strcmp(argv[optind], "get_fqdn") == 0) {
3123 if (argc - optind < 1) {
3124 usage();
3125 exit(0);
3126 }
3127 ret = cmd_get_fqdn(&ctx, argv[optind + 1]);
3128 } else if (strcmp(argv[optind], "oma_dm_prov") == 0) {
3129 if (argc - optind < 2) {
3130 usage();
3131 exit(0);
3132 }
3133 cmd_oma_dm_prov(&ctx, argv[optind + 1], argv[optind + 2]);
3134 } else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
3135 if (argc - optind < 2) {
3136 usage();
3137 exit(0);
3138 }
3139 if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1],
3140 argv[optind + 2]) < 0) {
3141 write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
3142 return -1;
3143 }
3144 } else if (strcmp(argv[optind], "oma_dm_add") == 0) {
3145 if (argc - optind < 2) {
3146 usage();
3147 exit(0);
3148 }
3149 cmd_oma_dm_add(&ctx, argv[optind + 1], argv[optind + 2]);
3150 } else if (strcmp(argv[optind], "oma_dm_replace") == 0) {
3151 if (argc - optind < 2) {
3152 usage();
3153 exit(0);
3154 }
3155 cmd_oma_dm_replace(&ctx, argv[optind + 1], argv[optind + 2]);
3156 } else if (strcmp(argv[optind], "est_csr") == 0) {
3157 if (argc - optind < 2) {
3158 usage();
3159 exit(0);
3160 }
3161 mkdir("Cert", S_IRWXU);
3162 est_build_csr(&ctx, argv[optind + 1]);
3163 } else if (strcmp(argv[optind], "browser") == 0) {
3164 int ret;
3165
3166 if (argc - optind < 2) {
3167 usage();
3168 exit(0);
3169 }
3170
3171 wpa_printf(MSG_INFO, "Launch web browser to URL %s",
3172 argv[optind + 1]);
3173 ret = hs20_web_browser(argv[optind + 1]);
3174 wpa_printf(MSG_INFO, "Web browser result: %d", ret);
3175 } else {
3176 wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]);
3177 }
3178
3179 wpa_printf(MSG_DEBUG,
3180 "===[hs20-osu-client END ]======================");
3181
3182 wpa_debug_close_file();
3183 deinit_ctx(&ctx);
3184
3185 return ret;
3186 }
Unnamed repository; edit this file 'description' to name the repository.