1 /*
2 * Hotspot 2.0 OSU client
3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10 #include <time.h>
11 #include <sys/stat.h>
12
13 #include "common.h"
14 #include "utils/browser.h"
15 #include "utils/base64.h"
16 #include "utils/xml-utils.h"
17 #include "utils/http-utils.h"
18 #include "common/wpa_ctrl.h"
19 #include "common/wpa_helpers.h"
20 #include "eap_common/eap_defs.h"
21 #include "crypto/crypto.h"
22 #include "crypto/sha256.h"
23 #include "osu_client.h"
24
25 static void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...);
26
write_result(struct hs20_osu_client * ctx,const char * fmt,...)27 static void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
28 {
29 va_list ap;
30 FILE *f;
31 char buf[500];
32
33 va_start(ap, fmt);
34 vsnprintf(buf, sizeof(buf), fmt, ap);
35 va_end(ap);
36 write_summary(ctx, "%s", buf);
37
38 if (!ctx->result_file)
39 return;
40
41 f = fopen(ctx->result_file, "w");
42 if (f == NULL)
43 return;
44
45 va_start(ap, fmt);
46 vfprintf(f, fmt, ap);
47 va_end(ap);
48 fprintf(f, "\n");
49 fclose(f);
50 }
51
52
write_summary(struct hs20_osu_client * ctx,const char * fmt,...)53 static void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
54 {
55 va_list ap;
56 FILE *f;
57
58 if (!ctx->summary_file)
59 return;
60
61 f = fopen(ctx->summary_file, "a");
62 if (f == NULL)
63 return;
64
65 va_start(ap, fmt);
66 vfprintf(f, fmt, ap);
67 va_end(ap);
68 fprintf(f, "\n");
69 fclose(f);
70 }
71
72
73 #define TMP_CERT_DL_FILE "tmp-cert-download"
74
download_cert(struct hs20_osu_client * ctx,xml_node_t * params,const char * fname)75 static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
76 const char *fname)
77 {
78 xml_node_t *url_node, *hash_node;
79 char *url, *hash;
80 char *cert;
81 size_t len;
82 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
83 int res;
84 char *b64;
85 FILE *f;
86
87 url_node = get_node(ctx->xml, params, "CertURL");
88 hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint");
89 if (url_node == NULL || hash_node == NULL)
90 return -1;
91 url = xml_node_get_text(ctx->xml, url_node);
92 hash = xml_node_get_text(ctx->xml, hash_node);
93 if (url == NULL || hash == NULL) {
94 xml_node_get_text_free(ctx->xml, url);
95 xml_node_get_text_free(ctx->xml, hash);
96 return -1;
97 }
98
99 wpa_printf(MSG_INFO, "CertURL: %s", url);
100 wpa_printf(MSG_INFO, "SHA256 hash: %s", hash);
101
102 if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) {
103 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
104 write_result(ctx, "Invalid SHA256 hash value for downloaded certificate");
105 xml_node_get_text_free(ctx->xml, hash);
106 return -1;
107 }
108 xml_node_get_text_free(ctx->xml, hash);
109
110 write_summary(ctx, "Download certificate from %s", url);
111 http_ocsp_set(ctx->http, 1);
112 res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
113 http_ocsp_set(ctx->http,
114 (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
115 xml_node_get_text_free(ctx->xml, url);
116 if (res < 0)
117 return -1;
118
119 cert = os_readfile(TMP_CERT_DL_FILE, &len);
120 remove(TMP_CERT_DL_FILE);
121 if (cert == NULL)
122 return -1;
123
124 if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) {
125 os_free(cert);
126 return -1;
127 }
128
129 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
130 wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match");
131 write_result(ctx, "Downloaded certificate fingerprint did not match");
132 os_free(cert);
133 return -1;
134 }
135
136 b64 = base64_encode(cert, len, NULL);
137 os_free(cert);
138 if (b64 == NULL)
139 return -1;
140
141 f = fopen(fname, "wb");
142 if (f == NULL) {
143 os_free(b64);
144 return -1;
145 }
146
147 fprintf(f, "-----BEGIN CERTIFICATE-----\n"
148 "%s"
149 "-----END CERTIFICATE-----\n",
150 b64);
151
152 os_free(b64);
153 fclose(f);
154
155 wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint",
156 fname);
157 write_summary(ctx, "Downloaded certificate into %s and validated fingerprint",
158 fname);
159
160 return 0;
161 }
162
163
cmd_dl_aaa_ca(struct hs20_osu_client * ctx,const char * pps_fname,const char * ca_fname)164 static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
165 const char *ca_fname)
166 {
167 xml_node_t *pps, *node, *aaa;
168 int ret;
169
170 pps = node_from_file(ctx->xml, pps_fname);
171 if (pps == NULL) {
172 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
173 return -1;
174 }
175
176 node = get_child_node(ctx->xml, pps,
177 "AAAServerTrustRoot");
178 if (node == NULL) {
179 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
180 xml_node_free(ctx->xml, pps);
181 return -2;
182 }
183
184 aaa = xml_node_first_child(ctx->xml, node);
185 if (aaa == NULL) {
186 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
187 xml_node_free(ctx->xml, pps);
188 return -1;
189 }
190
191 ret = download_cert(ctx, aaa, ca_fname);
192 xml_node_free(ctx->xml, pps);
193
194 return ret;
195 }
196
197
198 /* Remove old credentials based on HomeSP/FQDN */
remove_sp_creds(struct hs20_osu_client * ctx,const char * fqdn)199 static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn)
200 {
201 char cmd[300];
202 os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn);
203 if (wpa_command(ctx->ifname, cmd) < 0)
204 wpa_printf(MSG_INFO, "Failed to remove old credential(s)");
205 }
206
207
set_pps_cred_policy_spe(struct hs20_osu_client * ctx,int id,xml_node_t * spe)208 static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id,
209 xml_node_t *spe)
210 {
211 xml_node_t *ssid;
212 char *txt;
213
214 ssid = get_node(ctx->xml, spe, "SSID");
215 if (ssid == NULL)
216 return;
217 txt = xml_node_get_text(ctx->xml, ssid);
218 if (txt == NULL)
219 return;
220 wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", txt);
221 if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0)
222 wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid");
223 xml_node_get_text_free(ctx->xml, txt);
224 }
225
226
set_pps_cred_policy_spel(struct hs20_osu_client * ctx,int id,xml_node_t * spel)227 static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id,
228 xml_node_t *spel)
229 {
230 xml_node_t *child;
231
232 xml_node_for_each_child(ctx->xml, child, spel) {
233 xml_node_for_each_check(ctx->xml, child);
234 set_pps_cred_policy_spe(ctx, id, child);
235 }
236 }
237
238
set_pps_cred_policy_prp(struct hs20_osu_client * ctx,int id,xml_node_t * prp)239 static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id,
240 xml_node_t *prp)
241 {
242 xml_node_t *node;
243 char *txt = NULL, *pos;
244 char *prio, *country_buf = NULL;
245 const char *country;
246 char val[200];
247 int priority;
248
249 node = get_node(ctx->xml, prp, "Priority");
250 if (node == NULL)
251 return;
252 prio = xml_node_get_text(ctx->xml, node);
253 if (prio == NULL)
254 return;
255 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
256 prio);
257 priority = atoi(prio);
258 xml_node_get_text_free(ctx->xml, prio);
259
260 node = get_node(ctx->xml, prp, "Country");
261 if (node) {
262 country_buf = xml_node_get_text(ctx->xml, node);
263 if (country_buf == NULL)
264 return;
265 country = country_buf;
266 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
267 country);
268 } else {
269 country = "*";
270 }
271
272 node = get_node(ctx->xml, prp, "FQDN_Match");
273 if (node == NULL)
274 goto out;
275 txt = xml_node_get_text(ctx->xml, node);
276 if (txt == NULL)
277 goto out;
278 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
279 txt);
280 pos = strrchr(txt, ',');
281 if (pos == NULL)
282 goto out;
283 *pos++ = '\0';
284
285 snprintf(val, sizeof(val), "%s,%d,%d,%s", txt,
286 strcmp(pos, "includeSubdomains") != 0, priority, country);
287 if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0)
288 wpa_printf(MSG_INFO, "Failed to set cred roaming_partner");
289 out:
290 xml_node_get_text_free(ctx->xml, country_buf);
291 xml_node_get_text_free(ctx->xml, txt);
292 }
293
294
set_pps_cred_policy_prpl(struct hs20_osu_client * ctx,int id,xml_node_t * prpl)295 static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id,
296 xml_node_t *prpl)
297 {
298 xml_node_t *child;
299
300 xml_node_for_each_child(ctx->xml, child, prpl) {
301 xml_node_for_each_check(ctx->xml, child);
302 set_pps_cred_policy_prp(ctx, id, child);
303 }
304 }
305
306
set_pps_cred_policy_min_backhaul(struct hs20_osu_client * ctx,int id,xml_node_t * min_backhaul)307 static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id,
308 xml_node_t *min_backhaul)
309 {
310 xml_node_t *node;
311 char *type, *dl = NULL, *ul = NULL;
312 int home;
313
314 node = get_node(ctx->xml, min_backhaul, "NetworkType");
315 if (node == NULL) {
316 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
317 return;
318 }
319
320 type = xml_node_get_text(ctx->xml, node);
321 if (type == NULL)
322 return;
323 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
324 type);
325 if (os_strcasecmp(type, "home") == 0)
326 home = 1;
327 else if (os_strcasecmp(type, "roaming") == 0)
328 home = 0;
329 else {
330 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType");
331 xml_node_get_text_free(ctx->xml, type);
332 return;
333 }
334 xml_node_get_text_free(ctx->xml, type);
335
336 node = get_node(ctx->xml, min_backhaul, "DLBandwidth");
337 if (node)
338 dl = xml_node_get_text(ctx->xml, node);
339
340 node = get_node(ctx->xml, min_backhaul, "ULBandwidth");
341 if (node)
342 ul = xml_node_get_text(ctx->xml, node);
343
344 if (dl == NULL && ul == NULL) {
345 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
346 return;
347 }
348
349 if (dl)
350 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
351 dl);
352 if (ul)
353 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
354 ul);
355
356 if (home) {
357 if (dl &&
358 set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0)
359 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
360 if (ul &&
361 set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0)
362 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
363 } else {
364 if (dl &&
365 set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) <
366 0)
367 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
368 if (ul &&
369 set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) <
370 0)
371 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
372 }
373
374 xml_node_get_text_free(ctx->xml, dl);
375 xml_node_get_text_free(ctx->xml, ul);
376 }
377
378
set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client * ctx,int id,xml_node_t * node)379 static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx,
380 int id, xml_node_t *node)
381 {
382 xml_node_t *child;
383
384 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold");
385
386 xml_node_for_each_child(ctx->xml, child, node) {
387 xml_node_for_each_check(ctx->xml, child);
388 set_pps_cred_policy_min_backhaul(ctx, id, child);
389 }
390 }
391
392
set_pps_cred_policy_update(struct hs20_osu_client * ctx,int id,xml_node_t * node)393 static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id,
394 xml_node_t *node)
395 {
396 wpa_printf(MSG_INFO, "- Policy/PolicyUpdate");
397 /* Not used in wpa_supplicant */
398 }
399
400
set_pps_cred_policy_required_proto_port(struct hs20_osu_client * ctx,int id,xml_node_t * tuple)401 static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx,
402 int id, xml_node_t *tuple)
403 {
404 xml_node_t *node;
405 char *proto, *port;
406 char *buf;
407 size_t buflen;
408
409 node = get_node(ctx->xml, tuple, "IPProtocol");
410 if (node == NULL) {
411 wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
412 return;
413 }
414
415 proto = xml_node_get_text(ctx->xml, node);
416 if (proto == NULL)
417 return;
418
419 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
420 proto);
421
422 node = get_node(ctx->xml, tuple, "PortNumber");
423 port = node ? xml_node_get_text(ctx->xml, node) : NULL;
424 if (port) {
425 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
426 port);
427 buflen = os_strlen(proto) + os_strlen(port) + 10;
428 buf = os_malloc(buflen);
429 if (buf)
430 os_snprintf(buf, buflen, "%s:%s", proto, port);
431 xml_node_get_text_free(ctx->xml, port);
432 } else {
433 buflen = os_strlen(proto) + 10;
434 buf = os_malloc(buflen);
435 if (buf)
436 os_snprintf(buf, buflen, "%s", proto);
437 }
438
439 xml_node_get_text_free(ctx->xml, proto);
440
441 if (buf == NULL)
442 return;
443
444 if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0)
445 wpa_printf(MSG_INFO, "Could not set req_conn_capab");
446
447 os_free(buf);
448 }
449
450
set_pps_cred_policy_required_proto_ports(struct hs20_osu_client * ctx,int id,xml_node_t * node)451 static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx,
452 int id, xml_node_t *node)
453 {
454 xml_node_t *child;
455
456 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple");
457
458 xml_node_for_each_child(ctx->xml, child, node) {
459 xml_node_for_each_check(ctx->xml, child);
460 set_pps_cred_policy_required_proto_port(ctx, id, child);
461 }
462 }
463
464
set_pps_cred_policy_max_bss_load(struct hs20_osu_client * ctx,int id,xml_node_t * node)465 static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id,
466 xml_node_t *node)
467 {
468 char *str = xml_node_get_text(ctx->xml, node);
469 if (str == NULL)
470 return;
471 wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str);
472 if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0)
473 wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit");
474 xml_node_get_text_free(ctx->xml, str);
475 }
476
477
set_pps_cred_policy(struct hs20_osu_client * ctx,int id,xml_node_t * node)478 static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id,
479 xml_node_t *node)
480 {
481 xml_node_t *child;
482 const char *name;
483
484 wpa_printf(MSG_INFO, "- Policy");
485
486 xml_node_for_each_child(ctx->xml, child, node) {
487 xml_node_for_each_check(ctx->xml, child);
488 name = xml_node_get_localname(ctx->xml, child);
489 if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0)
490 set_pps_cred_policy_prpl(ctx, id, child);
491 else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0)
492 set_pps_cred_policy_min_backhaul_list(ctx, id, child);
493 else if (os_strcasecmp(name, "PolicyUpdate") == 0)
494 set_pps_cred_policy_update(ctx, id, child);
495 else if (os_strcasecmp(name, "SPExclusionList") == 0)
496 set_pps_cred_policy_spel(ctx, id, child);
497 else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0)
498 set_pps_cred_policy_required_proto_ports(ctx, id, child);
499 else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0)
500 set_pps_cred_policy_max_bss_load(ctx, id, child);
501 else
502 wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name);
503 }
504 }
505
506
set_pps_cred_priority(struct hs20_osu_client * ctx,int id,xml_node_t * node)507 static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id,
508 xml_node_t *node)
509 {
510 char *str = xml_node_get_text(ctx->xml, node);
511 if (str == NULL)
512 return;
513 wpa_printf(MSG_INFO, "- CredentialPriority = %s", str);
514 if (set_cred(ctx->ifname, id, "sp_priority", str) < 0)
515 wpa_printf(MSG_INFO, "Failed to set cred sp_priority");
516 xml_node_get_text_free(ctx->xml, str);
517 }
518
519
set_pps_cred_aaa_server_trust_root(struct hs20_osu_client * ctx,int id,xml_node_t * node)520 static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx,
521 int id, xml_node_t *node)
522 {
523 wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO");
524 }
525
526
set_pps_cred_sub_update(struct hs20_osu_client * ctx,int id,xml_node_t * node)527 static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id,
528 xml_node_t *node)
529 {
530 wpa_printf(MSG_INFO, "- SubscriptionUpdate");
531 /* not used within wpa_supplicant */
532 }
533
534
set_pps_cred_home_sp_network_id(struct hs20_osu_client * ctx,int id,xml_node_t * node)535 static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx,
536 int id, xml_node_t *node)
537 {
538 xml_node_t *ssid_node, *hessid_node;
539 char *ssid, *hessid;
540
541 ssid_node = get_node(ctx->xml, node, "SSID");
542 if (ssid_node == NULL) {
543 wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node");
544 return;
545 }
546
547 hessid_node = get_node(ctx->xml, node, "HESSID");
548
549 ssid = xml_node_get_text(ctx->xml, ssid_node);
550 if (ssid == NULL)
551 return;
552 hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL;
553
554 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid);
555 if (hessid)
556 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s",
557 hessid);
558
559 /* TODO: Configure to wpa_supplicant */
560
561 xml_node_get_text_free(ctx->xml, ssid);
562 xml_node_get_text_free(ctx->xml, hessid);
563 }
564
565
set_pps_cred_home_sp_network_ids(struct hs20_osu_client * ctx,int id,xml_node_t * node)566 static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx,
567 int id, xml_node_t *node)
568 {
569 xml_node_t *child;
570
571 wpa_printf(MSG_INFO, "- HomeSP/NetworkID");
572
573 xml_node_for_each_child(ctx->xml, child, node) {
574 xml_node_for_each_check(ctx->xml, child);
575 set_pps_cred_home_sp_network_id(ctx, id, child);
576 }
577 }
578
579
set_pps_cred_home_sp_friendly_name(struct hs20_osu_client * ctx,int id,xml_node_t * node)580 static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx,
581 int id, xml_node_t *node)
582 {
583 char *str = xml_node_get_text(ctx->xml, node);
584 if (str == NULL)
585 return;
586 wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str);
587 /* not used within wpa_supplicant(?) */
588 xml_node_get_text_free(ctx->xml, str);
589 }
590
591
set_pps_cred_home_sp_icon_url(struct hs20_osu_client * ctx,int id,xml_node_t * node)592 static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx,
593 int id, xml_node_t *node)
594 {
595 char *str = xml_node_get_text(ctx->xml, node);
596 if (str == NULL)
597 return;
598 wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str);
599 /* not used within wpa_supplicant */
600 xml_node_get_text_free(ctx->xml, str);
601 }
602
603
set_pps_cred_home_sp_fqdn(struct hs20_osu_client * ctx,int id,xml_node_t * node)604 static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
605 xml_node_t *node)
606 {
607 char *str = xml_node_get_text(ctx->xml, node);
608 if (str == NULL)
609 return;
610 wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
611 if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
612 wpa_printf(MSG_INFO, "Failed to set cred domain");
613 if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
614 wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
615 xml_node_get_text_free(ctx->xml, str);
616 }
617
618
set_pps_cred_home_sp_oi(struct hs20_osu_client * ctx,int id,xml_node_t * node)619 static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id,
620 xml_node_t *node)
621 {
622 xml_node_t *child;
623 const char *name;
624 char *homeoi = NULL;
625 int required = 0;
626 char *str;
627
628 xml_node_for_each_child(ctx->xml, child, node) {
629 xml_node_for_each_check(ctx->xml, child);
630 name = xml_node_get_localname(ctx->xml, child);
631 if (strcasecmp(name, "HomeOI") == 0 && !homeoi) {
632 homeoi = xml_node_get_text(ctx->xml, child);
633 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
634 homeoi);
635 } else if (strcasecmp(name, "HomeOIRequired") == 0) {
636 str = xml_node_get_text(ctx->xml, child);
637 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
638 str);
639 if (str == NULL)
640 continue;
641 required = strcasecmp(str, "true") == 0;
642 xml_node_get_text_free(ctx->xml, str);
643 } else
644 wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'",
645 name);
646 }
647
648 if (homeoi == NULL) {
649 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
650 return;
651 }
652
653 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
654 homeoi, required);
655
656 if (required) {
657 if (set_cred_quoted(ctx->ifname, id, "required_home_ois",
658 homeoi) < 0)
659 wpa_printf(MSG_INFO,
660 "Failed to set cred required_home_ois");
661 } else {
662 if (set_cred_quoted(ctx->ifname, id, "home_ois", homeoi) < 0)
663 wpa_printf(MSG_INFO, "Failed to set cred home_ois");
664 }
665
666 xml_node_get_text_free(ctx->xml, homeoi);
667 }
668
669
set_pps_cred_home_sp_oi_list(struct hs20_osu_client * ctx,int id,xml_node_t * node)670 static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id,
671 xml_node_t *node)
672 {
673 xml_node_t *child;
674
675 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList");
676
677 xml_node_for_each_child(ctx->xml, child, node) {
678 xml_node_for_each_check(ctx->xml, child);
679 set_pps_cred_home_sp_oi(ctx, id, child);
680 }
681 }
682
683
set_pps_cred_home_sp_other_partner(struct hs20_osu_client * ctx,int id,xml_node_t * node)684 static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx,
685 int id, xml_node_t *node)
686 {
687 xml_node_t *child;
688 const char *name;
689 char *fqdn = NULL;
690
691 xml_node_for_each_child(ctx->xml, child, node) {
692 xml_node_for_each_check(ctx->xml, child);
693 name = xml_node_get_localname(ctx->xml, child);
694 if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) {
695 fqdn = xml_node_get_text(ctx->xml, child);
696 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
697 fqdn);
698 } else
699 wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'",
700 name);
701 }
702
703 if (fqdn == NULL) {
704 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
705 return;
706 }
707
708 if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0)
709 wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node");
710
711 xml_node_get_text_free(ctx->xml, fqdn);
712 }
713
714
set_pps_cred_home_sp_other_partners(struct hs20_osu_client * ctx,int id,xml_node_t * node)715 static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx,
716 int id,
717 xml_node_t *node)
718 {
719 xml_node_t *child;
720
721 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners");
722
723 xml_node_for_each_child(ctx->xml, child, node) {
724 xml_node_for_each_check(ctx->xml, child);
725 set_pps_cred_home_sp_other_partner(ctx, id, child);
726 }
727 }
728
729
set_pps_cred_home_sp_roaming_consortium_oi(struct hs20_osu_client * ctx,int id,xml_node_t * node)730 static void set_pps_cred_home_sp_roaming_consortium_oi(
731 struct hs20_osu_client *ctx, int id, xml_node_t *node)
732 {
733 char *str = xml_node_get_text(ctx->xml, node);
734 if (str == NULL)
735 return;
736 wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str);
737 if (set_cred_quoted(ctx->ifname, id, "roaming_consortiums",
738 str) < 0)
739 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortiums");
740 xml_node_get_text_free(ctx->xml, str);
741 }
742
743
set_pps_cred_home_sp(struct hs20_osu_client * ctx,int id,xml_node_t * node)744 static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id,
745 xml_node_t *node)
746 {
747 xml_node_t *child;
748 const char *name;
749
750 wpa_printf(MSG_INFO, "- HomeSP");
751
752 xml_node_for_each_child(ctx->xml, child, node) {
753 xml_node_for_each_check(ctx->xml, child);
754 name = xml_node_get_localname(ctx->xml, child);
755 if (os_strcasecmp(name, "NetworkID") == 0)
756 set_pps_cred_home_sp_network_ids(ctx, id, child);
757 else if (os_strcasecmp(name, "FriendlyName") == 0)
758 set_pps_cred_home_sp_friendly_name(ctx, id, child);
759 else if (os_strcasecmp(name, "IconURL") == 0)
760 set_pps_cred_home_sp_icon_url(ctx, id, child);
761 else if (os_strcasecmp(name, "FQDN") == 0)
762 set_pps_cred_home_sp_fqdn(ctx, id, child);
763 else if (os_strcasecmp(name, "HomeOIList") == 0)
764 set_pps_cred_home_sp_oi_list(ctx, id, child);
765 else if (os_strcasecmp(name, "OtherHomePartners") == 0)
766 set_pps_cred_home_sp_other_partners(ctx, id, child);
767 else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0)
768 set_pps_cred_home_sp_roaming_consortium_oi(ctx, id,
769 child);
770 else
771 wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name);
772 }
773 }
774
775
set_pps_cred_sub_params(struct hs20_osu_client * ctx,int id,xml_node_t * node)776 static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id,
777 xml_node_t *node)
778 {
779 wpa_printf(MSG_INFO, "- SubscriptionParameters");
780 /* not used within wpa_supplicant */
781 }
782
783
set_pps_cred_creation_date(struct hs20_osu_client * ctx,int id,xml_node_t * node)784 static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id,
785 xml_node_t *node)
786 {
787 char *str = xml_node_get_text(ctx->xml, node);
788 if (str == NULL)
789 return;
790 wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str);
791 /* not used within wpa_supplicant */
792 xml_node_get_text_free(ctx->xml, str);
793 }
794
795
set_pps_cred_expiration_date(struct hs20_osu_client * ctx,int id,xml_node_t * node)796 static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id,
797 xml_node_t *node)
798 {
799 char *str = xml_node_get_text(ctx->xml, node);
800 if (str == NULL)
801 return;
802 wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str);
803 /* not used within wpa_supplicant */
804 xml_node_get_text_free(ctx->xml, str);
805 }
806
807
set_pps_cred_username(struct hs20_osu_client * ctx,int id,xml_node_t * node)808 static void set_pps_cred_username(struct hs20_osu_client *ctx, int id,
809 xml_node_t *node)
810 {
811 char *str = xml_node_get_text(ctx->xml, node);
812 if (str == NULL)
813 return;
814 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s",
815 str);
816 if (set_cred_quoted(ctx->ifname, id, "username", str) < 0)
817 wpa_printf(MSG_INFO, "Failed to set cred username");
818 xml_node_get_text_free(ctx->xml, str);
819 }
820
821
set_pps_cred_password(struct hs20_osu_client * ctx,int id,xml_node_t * node)822 static void set_pps_cred_password(struct hs20_osu_client *ctx, int id,
823 xml_node_t *node)
824 {
825 int len, i;
826 char *pw, *hex, *pos, *end;
827
828 pw = xml_node_get_base64_text(ctx->xml, node, &len);
829 if (pw == NULL)
830 return;
831
832 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw);
833
834 hex = malloc(len * 2 + 1);
835 if (hex == NULL) {
836 free(pw);
837 return;
838 }
839 end = hex + len * 2 + 1;
840 pos = hex;
841 for (i = 0; i < len; i++) {
842 snprintf(pos, end - pos, "%02x", pw[i]);
843 pos += 2;
844 }
845 free(pw);
846
847 if (set_cred(ctx->ifname, id, "password", hex) < 0)
848 wpa_printf(MSG_INFO, "Failed to set cred password");
849 free(hex);
850 }
851
852
set_pps_cred_machine_managed(struct hs20_osu_client * ctx,int id,xml_node_t * node)853 static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id,
854 xml_node_t *node)
855 {
856 char *str = xml_node_get_text(ctx->xml, node);
857 if (str == NULL)
858 return;
859 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s",
860 str);
861 /* not used within wpa_supplicant */
862 xml_node_get_text_free(ctx->xml, str);
863 }
864
865
set_pps_cred_soft_token_app(struct hs20_osu_client * ctx,int id,xml_node_t * node)866 static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id,
867 xml_node_t *node)
868 {
869 char *str = xml_node_get_text(ctx->xml, node);
870 if (str == NULL)
871 return;
872 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s",
873 str);
874 /* not used within wpa_supplicant */
875 xml_node_get_text_free(ctx->xml, str);
876 }
877
878
set_pps_cred_able_to_share(struct hs20_osu_client * ctx,int id,xml_node_t * node)879 static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id,
880 xml_node_t *node)
881 {
882 char *str = xml_node_get_text(ctx->xml, node);
883 if (str == NULL)
884 return;
885 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s",
886 str);
887 /* not used within wpa_supplicant */
888 xml_node_get_text_free(ctx->xml, str);
889 }
890
891
set_pps_cred_eap_method_eap_type(struct hs20_osu_client * ctx,int id,xml_node_t * node)892 static void set_pps_cred_eap_method_eap_type(struct hs20_osu_client *ctx,
893 int id, xml_node_t *node)
894 {
895 char *str = xml_node_get_text(ctx->xml, node);
896 int type;
897 const char *eap_method = NULL;
898
899 if (!str)
900 return;
901 wpa_printf(MSG_INFO,
902 "- Credential/UsernamePassword/EAPMethod/EAPType = %s", str);
903 type = atoi(str);
904 switch (type) {
905 case EAP_TYPE_TLS:
906 eap_method = "TLS";
907 break;
908 case EAP_TYPE_TTLS:
909 eap_method = "TTLS";
910 break;
911 case EAP_TYPE_PEAP:
912 eap_method = "PEAP";
913 break;
914 case EAP_TYPE_PWD:
915 eap_method = "PWD";
916 break;
917 }
918 xml_node_get_text_free(ctx->xml, str);
919 if (!eap_method) {
920 wpa_printf(MSG_INFO, "Unknown EAPType value");
921 return;
922 }
923
924 if (set_cred(ctx->ifname, id, "eap", eap_method) < 0)
925 wpa_printf(MSG_INFO, "Failed to set cred eap");
926 }
927
928
set_pps_cred_eap_method_inner_method(struct hs20_osu_client * ctx,int id,xml_node_t * node)929 static void set_pps_cred_eap_method_inner_method(struct hs20_osu_client *ctx,
930 int id, xml_node_t *node)
931 {
932 char *str = xml_node_get_text(ctx->xml, node);
933 const char *phase2 = NULL;
934
935 if (!str)
936 return;
937 wpa_printf(MSG_INFO,
938 "- Credential/UsernamePassword/EAPMethod/InnerMethod = %s",
939 str);
940 if (os_strcmp(str, "PAP") == 0)
941 phase2 = "auth=PAP";
942 else if (os_strcmp(str, "CHAP") == 0)
943 phase2 = "auth=CHAP";
944 else if (os_strcmp(str, "MS-CHAP") == 0)
945 phase2 = "auth=MSCHAP";
946 else if (os_strcmp(str, "MS-CHAP-V2") == 0)
947 phase2 = "auth=MSCHAPV2";
948 xml_node_get_text_free(ctx->xml, str);
949 if (!phase2) {
950 wpa_printf(MSG_INFO, "Unknown InnerMethod value");
951 return;
952 }
953
954 if (set_cred_quoted(ctx->ifname, id, "phase2", phase2) < 0)
955 wpa_printf(MSG_INFO, "Failed to set cred phase2");
956 }
957
958
set_pps_cred_eap_method(struct hs20_osu_client * ctx,int id,xml_node_t * node)959 static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id,
960 xml_node_t *node)
961 {
962 xml_node_t *child;
963 const char *name;
964
965 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod");
966
967 xml_node_for_each_child(ctx->xml, child, node) {
968 xml_node_for_each_check(ctx->xml, child);
969 name = xml_node_get_localname(ctx->xml, child);
970 if (os_strcasecmp(name, "EAPType") == 0)
971 set_pps_cred_eap_method_eap_type(ctx, id, child);
972 else if (os_strcasecmp(name, "InnerMethod") == 0)
973 set_pps_cred_eap_method_inner_method(ctx, id, child);
974 else
975 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword/EAPMethod node '%s'",
976 name);
977 }
978 }
979
980
set_pps_cred_username_password(struct hs20_osu_client * ctx,int id,xml_node_t * node)981 static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id,
982 xml_node_t *node)
983 {
984 xml_node_t *child;
985 const char *name;
986
987 wpa_printf(MSG_INFO, "- Credential/UsernamePassword");
988
989 xml_node_for_each_child(ctx->xml, child, node) {
990 xml_node_for_each_check(ctx->xml, child);
991 name = xml_node_get_localname(ctx->xml, child);
992 if (os_strcasecmp(name, "Username") == 0)
993 set_pps_cred_username(ctx, id, child);
994 else if (os_strcasecmp(name, "Password") == 0)
995 set_pps_cred_password(ctx, id, child);
996 else if (os_strcasecmp(name, "MachineManaged") == 0)
997 set_pps_cred_machine_managed(ctx, id, child);
998 else if (os_strcasecmp(name, "SoftTokenApp") == 0)
999 set_pps_cred_soft_token_app(ctx, id, child);
1000 else if (os_strcasecmp(name, "AbleToShare") == 0)
1001 set_pps_cred_able_to_share(ctx, id, child);
1002 else if (os_strcasecmp(name, "EAPMethod") == 0)
1003 set_pps_cred_eap_method(ctx, id, child);
1004 else
1005 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'",
1006 name);
1007 }
1008 }
1009
1010
set_pps_cred_digital_cert(struct hs20_osu_client * ctx,int id,xml_node_t * node,const char * fqdn)1011 static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id,
1012 xml_node_t *node, const char *fqdn)
1013 {
1014 char buf[200], dir[200];
1015 int res;
1016
1017 wpa_printf(MSG_INFO, "- Credential/DigitalCertificate");
1018
1019 if (getcwd(dir, sizeof(dir)) == NULL)
1020 return;
1021
1022 /* TODO: could build username from Subject of Subject AltName */
1023 if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) {
1024 wpa_printf(MSG_INFO, "Failed to set username");
1025 }
1026
1027 res = os_snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir,
1028 fqdn);
1029 if (os_snprintf_error(sizeof(buf), res))
1030 return;
1031 if (os_file_exists(buf)) {
1032 if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) {
1033 wpa_printf(MSG_INFO, "Failed to set client_cert");
1034 }
1035 }
1036
1037 res = os_snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir,
1038 fqdn);
1039 if (os_snprintf_error(sizeof(buf), res))
1040 return;
1041 if (os_file_exists(buf)) {
1042 if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) {
1043 wpa_printf(MSG_INFO, "Failed to set private_key");
1044 }
1045 }
1046 }
1047
1048
set_pps_cred_realm(struct hs20_osu_client * ctx,int id,xml_node_t * node,const char * fqdn,int sim)1049 static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id,
1050 xml_node_t *node, const char *fqdn, int sim)
1051 {
1052 char *str = xml_node_get_text(ctx->xml, node);
1053 char buf[200], dir[200];
1054 int res;
1055
1056 if (str == NULL)
1057 return;
1058
1059 wpa_printf(MSG_INFO, "- Credential/Realm = %s", str);
1060 if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0)
1061 wpa_printf(MSG_INFO, "Failed to set cred realm");
1062 xml_node_get_text_free(ctx->xml, str);
1063
1064 if (sim)
1065 return;
1066
1067 if (getcwd(dir, sizeof(dir)) == NULL)
1068 return;
1069 res = os_snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn);
1070 if (os_snprintf_error(sizeof(buf), res))
1071 return;
1072 if (os_file_exists(buf)) {
1073 if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) {
1074 wpa_printf(MSG_INFO, "Failed to set CA cert");
1075 }
1076 }
1077 }
1078
1079
set_pps_cred_check_aaa_cert_status(struct hs20_osu_client * ctx,int id,xml_node_t * node)1080 static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx,
1081 int id, xml_node_t *node)
1082 {
1083 char *str = xml_node_get_text(ctx->xml, node);
1084
1085 if (str == NULL)
1086 return;
1087
1088 wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str);
1089 if (os_strcasecmp(str, "true") == 0 &&
1090 set_cred(ctx->ifname, id, "ocsp", "2") < 0)
1091 wpa_printf(MSG_INFO, "Failed to set cred ocsp");
1092 xml_node_get_text_free(ctx->xml, str);
1093 }
1094
1095
set_pps_cred_sim(struct hs20_osu_client * ctx,int id,xml_node_t * sim,xml_node_t * realm)1096 static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id,
1097 xml_node_t *sim, xml_node_t *realm)
1098 {
1099 xml_node_t *node;
1100 char *imsi, *eaptype, *str, buf[20];
1101 int type;
1102 int mnc_len = 3;
1103 size_t imsi_len;
1104
1105 node = get_node(ctx->xml, sim, "EAPType");
1106 if (node == NULL) {
1107 wpa_printf(MSG_INFO, "No SIM/EAPType node in credential");
1108 return;
1109 }
1110 eaptype = xml_node_get_text(ctx->xml, node);
1111 if (eaptype == NULL) {
1112 wpa_printf(MSG_INFO, "Could not extract SIM/EAPType");
1113 return;
1114 }
1115 wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype);
1116 type = atoi(eaptype);
1117 xml_node_get_text_free(ctx->xml, eaptype);
1118
1119 switch (type) {
1120 case EAP_TYPE_SIM:
1121 if (set_cred(ctx->ifname, id, "eap", "SIM") < 0)
1122 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1123 break;
1124 case EAP_TYPE_AKA:
1125 if (set_cred(ctx->ifname, id, "eap", "AKA") < 0)
1126 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1127 break;
1128 case EAP_TYPE_AKA_PRIME:
1129 if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0)
1130 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1131 break;
1132 default:
1133 wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type);
1134 return;
1135 }
1136
1137 node = get_node(ctx->xml, sim, "IMSI");
1138 if (node == NULL) {
1139 wpa_printf(MSG_INFO, "No SIM/IMSI node in credential");
1140 return;
1141 }
1142 imsi = xml_node_get_text(ctx->xml, node);
1143 if (imsi == NULL) {
1144 wpa_printf(MSG_INFO, "Could not extract SIM/IMSI");
1145 return;
1146 }
1147 wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", imsi);
1148 imsi_len = os_strlen(imsi);
1149 if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) {
1150 wpa_printf(MSG_INFO, "Invalid IMSI length");
1151 xml_node_get_text_free(ctx->xml, imsi);
1152 return;
1153 }
1154
1155 str = xml_node_get_text(ctx->xml, node);
1156 if (str) {
1157 char *pos;
1158 pos = os_strstr(str, "mnc");
1159 if (pos && os_strlen(pos) >= 6) {
1160 if (os_strncmp(imsi + 3, pos + 3, 3) == 0)
1161 mnc_len = 3;
1162 else if (os_strncmp(imsi + 3, pos + 4, 2) == 0)
1163 mnc_len = 2;
1164 }
1165 xml_node_get_text_free(ctx->xml, str);
1166 }
1167
1168 os_memcpy(buf, imsi, 3 + mnc_len);
1169 buf[3 + mnc_len] = '-';
1170 os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len,
1171 sizeof(buf) - 3 - mnc_len - 1);
1172
1173 xml_node_get_text_free(ctx->xml, imsi);
1174
1175 if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0)
1176 wpa_printf(MSG_INFO, "Could not set IMSI");
1177
1178 if (set_cred_quoted(ctx->ifname, id, "milenage",
1179 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1180 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1181 0)
1182 wpa_printf(MSG_INFO, "Could not set Milenage parameters");
1183 }
1184
1185
set_pps_cred_credential(struct hs20_osu_client * ctx,int id,xml_node_t * node,const char * fqdn)1186 static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id,
1187 xml_node_t *node, const char *fqdn)
1188 {
1189 xml_node_t *child, *sim, *realm;
1190 const char *name;
1191
1192 wpa_printf(MSG_INFO, "- Credential");
1193
1194 sim = get_node(ctx->xml, node, "SIM");
1195 realm = get_node(ctx->xml, node, "Realm");
1196
1197 xml_node_for_each_child(ctx->xml, child, node) {
1198 xml_node_for_each_check(ctx->xml, child);
1199 name = xml_node_get_localname(ctx->xml, child);
1200 if (os_strcasecmp(name, "CreationDate") == 0)
1201 set_pps_cred_creation_date(ctx, id, child);
1202 else if (os_strcasecmp(name, "ExpirationDate") == 0)
1203 set_pps_cred_expiration_date(ctx, id, child);
1204 else if (os_strcasecmp(name, "UsernamePassword") == 0)
1205 set_pps_cred_username_password(ctx, id, child);
1206 else if (os_strcasecmp(name, "DigitalCertificate") == 0)
1207 set_pps_cred_digital_cert(ctx, id, child, fqdn);
1208 else if (os_strcasecmp(name, "Realm") == 0)
1209 set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL);
1210 else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0)
1211 set_pps_cred_check_aaa_cert_status(ctx, id, child);
1212 else if (os_strcasecmp(name, "SIM") == 0)
1213 set_pps_cred_sim(ctx, id, child, realm);
1214 else
1215 wpa_printf(MSG_INFO, "Unknown Credential node '%s'",
1216 name);
1217 }
1218 }
1219
1220
set_pps_credential(struct hs20_osu_client * ctx,int id,xml_node_t * cred,const char * fqdn)1221 static void set_pps_credential(struct hs20_osu_client *ctx, int id,
1222 xml_node_t *cred, const char *fqdn)
1223 {
1224 xml_node_t *child;
1225 const char *name;
1226
1227 xml_node_for_each_child(ctx->xml, child, cred) {
1228 xml_node_for_each_check(ctx->xml, child);
1229 name = xml_node_get_localname(ctx->xml, child);
1230 if (os_strcasecmp(name, "Policy") == 0)
1231 set_pps_cred_policy(ctx, id, child);
1232 else if (os_strcasecmp(name, "CredentialPriority") == 0)
1233 set_pps_cred_priority(ctx, id, child);
1234 else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0)
1235 set_pps_cred_aaa_server_trust_root(ctx, id, child);
1236 else if (os_strcasecmp(name, "SubscriptionUpdate") == 0)
1237 set_pps_cred_sub_update(ctx, id, child);
1238 else if (os_strcasecmp(name, "HomeSP") == 0)
1239 set_pps_cred_home_sp(ctx, id, child);
1240 else if (os_strcasecmp(name, "SubscriptionParameters") == 0)
1241 set_pps_cred_sub_params(ctx, id, child);
1242 else if (os_strcasecmp(name, "Credential") == 0)
1243 set_pps_cred_credential(ctx, id, child, fqdn);
1244 else
1245 wpa_printf(MSG_INFO, "Unknown credential node '%s'",
1246 name);
1247 }
1248 }
1249
1250
set_pps(struct hs20_osu_client * ctx,xml_node_t * pps,const char * fqdn)1251 static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps,
1252 const char *fqdn)
1253 {
1254 xml_node_t *child;
1255 const char *name;
1256 int id;
1257 char *update_identifier = NULL;
1258
1259 /*
1260 * TODO: Could consider more complex mechanism that would remove
1261 * credentials only if there are changes in the information sent to
1262 * wpa_supplicant.
1263 */
1264 remove_sp_creds(ctx, fqdn);
1265
1266 xml_node_for_each_child(ctx->xml, child, pps) {
1267 xml_node_for_each_check(ctx->xml, child);
1268 name = xml_node_get_localname(ctx->xml, child);
1269 if (os_strcasecmp(name, "UpdateIdentifier") == 0) {
1270 update_identifier = xml_node_get_text(ctx->xml, child);
1271 if (update_identifier) {
1272 wpa_printf(MSG_INFO, "- UpdateIdentifier = %s",
1273 update_identifier);
1274 break;
1275 }
1276 }
1277 }
1278
1279 xml_node_for_each_child(ctx->xml, child, pps) {
1280 xml_node_for_each_check(ctx->xml, child);
1281 name = xml_node_get_localname(ctx->xml, child);
1282 if (os_strcasecmp(name, "UpdateIdentifier") == 0)
1283 continue;
1284 id = add_cred(ctx->ifname);
1285 if (id < 0) {
1286 wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant");
1287 write_summary(ctx, "Failed to add credential to wpa_supplicant");
1288 break;
1289 }
1290 write_summary(ctx, "Add a credential to wpa_supplicant");
1291 if (update_identifier &&
1292 set_cred(ctx->ifname, id, "update_identifier",
1293 update_identifier) < 0)
1294 wpa_printf(MSG_INFO, "Failed to set update_identifier");
1295 if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) <
1296 0)
1297 wpa_printf(MSG_INFO, "Failed to set provisioning_sp");
1298 wpa_printf(MSG_INFO, "credential localname: '%s'", name);
1299 set_pps_credential(ctx, id, child, fqdn);
1300 }
1301
1302 xml_node_get_text_free(ctx->xml, update_identifier);
1303 }
1304
1305
cmd_set_pps(struct hs20_osu_client * ctx,const char * pps_fname)1306 static void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname)
1307 {
1308 xml_node_t *pps;
1309 const char *fqdn;
1310 char *fqdn_buf = NULL, *pos;
1311
1312 pps = node_from_file(ctx->xml, pps_fname);
1313 if (pps == NULL) {
1314 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1315 return;
1316 }
1317
1318 fqdn = os_strstr(pps_fname, "SP/");
1319 if (fqdn) {
1320 fqdn_buf = os_strdup(fqdn + 3);
1321 if (fqdn_buf == NULL)
1322 return;
1323 pos = os_strchr(fqdn_buf, '/');
1324 if (pos)
1325 *pos = '\0';
1326 fqdn = fqdn_buf;
1327 } else
1328 fqdn = "wi-fi.org";
1329
1330 wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1331 fqdn);
1332 set_pps(ctx, pps, fqdn);
1333
1334 os_free(fqdn_buf);
1335 xml_node_free(ctx->xml, pps);
1336 }
1337
1338
cmd_get_fqdn(struct hs20_osu_client * ctx,const char * pps_fname)1339 static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname)
1340 {
1341 xml_node_t *pps, *node;
1342 char *fqdn = NULL;
1343
1344 pps = node_from_file(ctx->xml, pps_fname);
1345 if (pps == NULL) {
1346 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1347 return -1;
1348 }
1349
1350 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
1351 if (node)
1352 fqdn = xml_node_get_text(ctx->xml, node);
1353
1354 xml_node_free(ctx->xml, pps);
1355
1356 if (fqdn) {
1357 FILE *f = fopen("pps-fqdn", "w");
1358 if (f) {
1359 fprintf(f, "%s", fqdn);
1360 fclose(f);
1361 }
1362 xml_node_get_text_free(ctx->xml, fqdn);
1363 return 0;
1364 }
1365
1366 xml_node_get_text_free(ctx->xml, fqdn);
1367 return -1;
1368 }
1369
1370
cmd_to_tnds(struct hs20_osu_client * ctx,const char * in_fname,const char * out_fname,const char * urn,int use_path)1371 static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1372 const char *out_fname, const char *urn, int use_path)
1373 {
1374 xml_node_t *mo, *node;
1375
1376 mo = node_from_file(ctx->xml, in_fname);
1377 if (mo == NULL) {
1378 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1379 return;
1380 }
1381
1382 node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL);
1383 if (node) {
1384 node_to_file(ctx->xml, out_fname, node);
1385 xml_node_free(ctx->xml, node);
1386 }
1387
1388 xml_node_free(ctx->xml, mo);
1389 }
1390
1391
cmd_from_tnds(struct hs20_osu_client * ctx,const char * in_fname,const char * out_fname)1392 static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1393 const char *out_fname)
1394 {
1395 xml_node_t *tnds, *mo;
1396
1397 tnds = node_from_file(ctx->xml, in_fname);
1398 if (tnds == NULL) {
1399 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1400 return;
1401 }
1402
1403 mo = tnds_to_mo(ctx->xml, tnds);
1404 if (mo) {
1405 node_to_file(ctx->xml, out_fname, mo);
1406 xml_node_free(ctx->xml, mo);
1407 }
1408
1409 xml_node_free(ctx->xml, tnds);
1410 }
1411
1412
init_ctx(struct hs20_osu_client * ctx)1413 static int init_ctx(struct hs20_osu_client *ctx)
1414 {
1415 os_memset(ctx, 0, sizeof(*ctx));
1416 ctx->ifname = "wlan0";
1417 ctx->xml = xml_node_init_ctx(ctx, NULL);
1418 if (ctx->xml == NULL)
1419 return -1;
1420
1421 ctx->http = http_init_ctx(ctx, ctx->xml);
1422 if (ctx->http == NULL) {
1423 xml_node_deinit_ctx(ctx->xml);
1424 return -1;
1425 }
1426 http_ocsp_set(ctx->http, 2);
1427
1428 return 0;
1429 }
1430
1431
deinit_ctx(struct hs20_osu_client * ctx)1432 static void deinit_ctx(struct hs20_osu_client *ctx)
1433 {
1434 http_deinit_ctx(ctx->http);
1435 xml_node_deinit_ctx(ctx->xml);
1436 }
1437
1438
check_workarounds(struct hs20_osu_client * ctx)1439 static void check_workarounds(struct hs20_osu_client *ctx)
1440 {
1441 FILE *f;
1442 char buf[100];
1443 unsigned long int val = 0;
1444
1445 f = fopen("hs20-osu-client.workarounds", "r");
1446 if (f == NULL)
1447 return;
1448
1449 if (fgets(buf, sizeof(buf), f))
1450 val = strtoul(buf, NULL, 16);
1451
1452 fclose(f);
1453
1454 if (val) {
1455 wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val);
1456 ctx->workarounds = val;
1457 if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL)
1458 http_ocsp_set(ctx->http, 1);
1459 }
1460 }
1461
1462
usage(void)1463 static void usage(void)
1464 {
1465 printf("usage: hs20-osu-client [-dddqqKtT] [-S<station ifname>] \\\n"
1466 " [-w<wpa_supplicant ctrl_iface dir>] "
1467 "[-r<result file>] [-f<debug file>] \\\n"
1468 " [-s<summary file>] \\\n"
1469 " [-x<spp.xsd file name>] \\\n"
1470 " <command> [arguments..]\n"
1471 "commands:\n"
1472 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
1473 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
1474 "[URN]>\n"
1475 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
1476 "- set_pps <PerProviderSubscription XML file name>\n"
1477 "- get_fqdn <PerProviderSubscription XML file name>\n"
1478 "- dl_aaa_ca <PPS> <CA file>\n"
1479 "- browser <URL>\n");
1480 }
1481
1482
main(int argc,char * argv[])1483 int main(int argc, char *argv[])
1484 {
1485 struct hs20_osu_client ctx;
1486 int c;
1487 int ret = 0;
1488 const char *wpa_debug_file_path = NULL;
1489 extern char *wpas_ctrl_path;
1490 extern int wpa_debug_level;
1491 extern int wpa_debug_show_keys;
1492 extern int wpa_debug_timestamp;
1493
1494 if (init_ctx(&ctx) < 0)
1495 return -1;
1496
1497 for (;;) {
1498 c = getopt(argc, argv, "df:hKqr:s:S:tTw:");
1499 if (c < 0)
1500 break;
1501 switch (c) {
1502 case 'd':
1503 if (wpa_debug_level > 0)
1504 wpa_debug_level--;
1505 break;
1506 case 'f':
1507 wpa_debug_file_path = optarg;
1508 break;
1509 case 'K':
1510 wpa_debug_show_keys++;
1511 break;
1512 case 'q':
1513 wpa_debug_level++;
1514 break;
1515 case 'r':
1516 ctx.result_file = optarg;
1517 break;
1518 case 's':
1519 ctx.summary_file = optarg;
1520 break;
1521 case 'S':
1522 ctx.ifname = optarg;
1523 break;
1524 case 't':
1525 wpa_debug_timestamp++;
1526 break;
1527 case 'T':
1528 ctx.ignore_tls = 1;
1529 break;
1530 case 'w':
1531 wpas_ctrl_path = optarg;
1532 break;
1533 case 'h':
1534 default:
1535 usage();
1536 exit(0);
1537 }
1538 }
1539
1540 if (argc - optind < 1) {
1541 usage();
1542 exit(0);
1543 }
1544
1545 wpa_debug_open_file(wpa_debug_file_path);
1546
1547 #ifdef __linux__
1548 setlinebuf(stdout);
1549 #endif /* __linux__ */
1550
1551 if (ctx.result_file)
1552 unlink(ctx.result_file);
1553 wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======"
1554 "================", argv[optind]);
1555 check_workarounds(&ctx);
1556
1557 if (strcmp(argv[optind], "to_tnds") == 0) {
1558 if (argc - optind < 2) {
1559 usage();
1560 exit(0);
1561 }
1562 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
1563 argc > optind + 3 ? argv[optind + 3] : NULL,
1564 0);
1565 } else if (strcmp(argv[optind], "to_tnds2") == 0) {
1566 if (argc - optind < 2) {
1567 usage();
1568 exit(0);
1569 }
1570 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
1571 argc > optind + 3 ? argv[optind + 3] : NULL,
1572 1);
1573 } else if (strcmp(argv[optind], "from_tnds") == 0) {
1574 if (argc - optind < 2) {
1575 usage();
1576 exit(0);
1577 }
1578 cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]);
1579 } else if (strcmp(argv[optind], "dl_aaa_ca") == 0) {
1580 if (argc - optind < 2) {
1581 usage();
1582 exit(0);
1583 }
1584 cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]);
1585 } else if (strcmp(argv[optind], "set_pps") == 0) {
1586 if (argc - optind < 2) {
1587 usage();
1588 exit(0);
1589 }
1590 cmd_set_pps(&ctx, argv[optind + 1]);
1591 } else if (strcmp(argv[optind], "get_fqdn") == 0) {
1592 if (argc - optind < 1) {
1593 usage();
1594 exit(0);
1595 }
1596 ret = cmd_get_fqdn(&ctx, argv[optind + 1]);
1597 } else if (strcmp(argv[optind], "browser") == 0) {
1598 int ret;
1599
1600 if (argc - optind < 2) {
1601 usage();
1602 exit(0);
1603 }
1604
1605 wpa_printf(MSG_INFO, "Launch web browser to URL %s",
1606 argv[optind + 1]);
1607 ret = hs20_web_browser(argv[optind + 1], ctx.ignore_tls);
1608 wpa_printf(MSG_INFO, "Web browser result: %d", ret);
1609 } else {
1610 wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]);
1611 }
1612
1613 deinit_ctx(&ctx);
1614 wpa_printf(MSG_DEBUG,
1615 "===[hs20-osu-client END ]======================");
1616
1617 wpa_debug_close_file();
1618
1619 return ret;
1620 }
1621