1/*
2 * hostapd / EAP user database
3 * Copyright (c) 2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10#ifdef CONFIG_SQLITE
11#include <sqlite3.h>
12#endif /* CONFIG_SQLITE */
13
14#include "common.h"
15#include "eap_common/eap_wsc_common.h"
16#include "eap_server/eap_methods.h"
17#include "eap_server/eap.h"
18#include "ap_config.h"
19#include "hostapd.h"
20
21#ifdef CONFIG_SQLITE
22
23static void set_user_methods(struct hostapd_eap_user *user, const char *methods)
24{
25	char *buf, *start;
26	int num_methods;
27
28	buf = os_strdup(methods);
29	if (buf == NULL)
30		return;
31
32	os_memset(&user->methods, 0, sizeof(user->methods));
33	num_methods = 0;
34	start = buf;
35	while (*start) {
36		char *pos3 = os_strchr(start, ',');
37		if (pos3)
38			*pos3++ = '\0';
39		user->methods[num_methods].method =
40			eap_server_get_type(start,
41					    &user->methods[num_methods].vendor);
42		if (user->methods[num_methods].vendor == EAP_VENDOR_IETF &&
43		    user->methods[num_methods].method == EAP_TYPE_NONE) {
44			if (os_strcmp(start, "TTLS-PAP") == 0) {
45				user->ttls_auth |= EAP_TTLS_AUTH_PAP;
46				goto skip_eap;
47			}
48			if (os_strcmp(start, "TTLS-CHAP") == 0) {
49				user->ttls_auth |= EAP_TTLS_AUTH_CHAP;
50				goto skip_eap;
51			}
52			if (os_strcmp(start, "TTLS-MSCHAP") == 0) {
53				user->ttls_auth |= EAP_TTLS_AUTH_MSCHAP;
54				goto skip_eap;
55			}
56			if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) {
57				user->ttls_auth |= EAP_TTLS_AUTH_MSCHAPV2;
58				goto skip_eap;
59			}
60			wpa_printf(MSG_INFO, "DB: Unsupported EAP type '%s'",
61				   start);
62			os_free(buf);
63			return;
64		}
65
66		num_methods++;
67		if (num_methods >= EAP_MAX_METHODS)
68			break;
69	skip_eap:
70		if (pos3 == NULL)
71			break;
72		start = pos3;
73	}
74
75	os_free(buf);
76}
77
78
79static int get_user_cb(void *ctx, int argc, char *argv[], char *col[])
80{
81	struct hostapd_eap_user *user = ctx;
82	int i;
83
84	for (i = 0; i < argc; i++) {
85		if (os_strcmp(col[i], "password") == 0 && argv[i]) {
86			bin_clear_free(user->password, user->password_len);
87			user->password_len = os_strlen(argv[i]);
88			user->password = (u8 *) os_strdup(argv[i]);
89			user->next = (void *) 1;
90		} else if (os_strcmp(col[i], "methods") == 0 && argv[i]) {
91			set_user_methods(user, argv[i]);
92		} else if (os_strcmp(col[i], "remediation") == 0 && argv[i]) {
93			user->remediation = strlen(argv[i]) > 0;
94		}
95	}
96
97	return 0;
98}
99
100
101static int get_wildcard_cb(void *ctx, int argc, char *argv[], char *col[])
102{
103	struct hostapd_eap_user *user = ctx;
104	int i, id = -1, methods = -1;
105	size_t len;
106
107	for (i = 0; i < argc; i++) {
108		if (os_strcmp(col[i], "identity") == 0 && argv[i])
109			id = i;
110		else if (os_strcmp(col[i], "methods") == 0 && argv[i])
111			methods = i;
112	}
113
114	if (id < 0 || methods < 0)
115		return 0;
116
117	len = os_strlen(argv[id]);
118	if (len <= user->identity_len &&
119	    os_memcmp(argv[id], user->identity, len) == 0 &&
120	    (user->password == NULL || len > user->password_len)) {
121		bin_clear_free(user->password, user->password_len);
122		user->password_len = os_strlen(argv[id]);
123		user->password = (u8 *) os_strdup(argv[id]);
124		user->next = (void *) 1;
125		set_user_methods(user, argv[methods]);
126	}
127
128	return 0;
129}
130
131
132static const struct hostapd_eap_user *
133eap_user_sqlite_get(struct hostapd_data *hapd, const u8 *identity,
134		    size_t identity_len, int phase2)
135{
136	sqlite3 *db;
137	struct hostapd_eap_user *user = NULL;
138	char id_str[256], cmd[300];
139	size_t i;
140
141	if (identity_len >= sizeof(id_str)) {
142		wpa_printf(MSG_DEBUG, "%s: identity len too big: %d >= %d",
143			   __func__, (int) identity_len,
144			   (int) (sizeof(id_str)));
145		return NULL;
146	}
147	os_memcpy(id_str, identity, identity_len);
148	id_str[identity_len] = '\0';
149	for (i = 0; i < identity_len; i++) {
150		if (id_str[i] >= 'a' && id_str[i] <= 'z')
151			continue;
152		if (id_str[i] >= 'A' && id_str[i] <= 'Z')
153			continue;
154		if (id_str[i] >= '0' && id_str[i] <= '9')
155			continue;
156		if (id_str[i] == '-' || id_str[i] == '_' || id_str[i] == '.' ||
157		    id_str[i] == ',' || id_str[i] == '@' || id_str[i] == '\\' ||
158		    id_str[i] == '!' || id_str[i] == '#' || id_str[i] == '%' ||
159		    id_str[i] == '=' || id_str[i] == ' ')
160			continue;
161		wpa_printf(MSG_INFO, "DB: Unsupported character in identity");
162		return NULL;
163	}
164
165	bin_clear_free(hapd->tmp_eap_user.identity,
166		       hapd->tmp_eap_user.identity_len);
167	bin_clear_free(hapd->tmp_eap_user.password,
168		       hapd->tmp_eap_user.password_len);
169	os_memset(&hapd->tmp_eap_user, 0, sizeof(hapd->tmp_eap_user));
170	hapd->tmp_eap_user.phase2 = phase2;
171	hapd->tmp_eap_user.identity = os_zalloc(identity_len + 1);
172	if (hapd->tmp_eap_user.identity == NULL)
173		return NULL;
174	os_memcpy(hapd->tmp_eap_user.identity, identity, identity_len);
175
176	if (sqlite3_open(hapd->conf->eap_user_sqlite, &db)) {
177		wpa_printf(MSG_INFO, "DB: Failed to open database %s: %s",
178			   hapd->conf->eap_user_sqlite, sqlite3_errmsg(db));
179		sqlite3_close(db);
180		return NULL;
181	}
182
183	os_snprintf(cmd, sizeof(cmd),
184		    "SELECT * FROM users WHERE identity='%s' AND phase2=%d;",
185		    id_str, phase2);
186	wpa_printf(MSG_DEBUG, "DB: %s", cmd);
187	if (sqlite3_exec(db, cmd, get_user_cb, &hapd->tmp_eap_user, NULL) !=
188	    SQLITE_OK) {
189		wpa_printf(MSG_DEBUG,
190			   "DB: Failed to complete SQL operation: %s  db: %s",
191			   sqlite3_errmsg(db), hapd->conf->eap_user_sqlite);
192	} else if (hapd->tmp_eap_user.next)
193		user = &hapd->tmp_eap_user;
194
195	if (user == NULL && !phase2) {
196		os_snprintf(cmd, sizeof(cmd),
197			    "SELECT identity,methods FROM wildcards;");
198		wpa_printf(MSG_DEBUG, "DB: %s", cmd);
199		if (sqlite3_exec(db, cmd, get_wildcard_cb, &hapd->tmp_eap_user,
200				 NULL) != SQLITE_OK) {
201			wpa_printf(MSG_DEBUG,
202				   "DB: Failed to complete SQL operation: %s  db: %s",
203				   sqlite3_errmsg(db),
204				   hapd->conf->eap_user_sqlite);
205		} else if (hapd->tmp_eap_user.next) {
206			user = &hapd->tmp_eap_user;
207			os_free(user->identity);
208			user->identity = user->password;
209			user->identity_len = user->password_len;
210			user->password = NULL;
211			user->password_len = 0;
212		}
213	}
214
215	sqlite3_close(db);
216
217	return user;
218}
219
220#endif /* CONFIG_SQLITE */
221
222
223const struct hostapd_eap_user *
224hostapd_get_eap_user(struct hostapd_data *hapd, const u8 *identity,
225		     size_t identity_len, int phase2)
226{
227	const struct hostapd_bss_config *conf = hapd->conf;
228	struct hostapd_eap_user *user = conf->eap_user;
229
230#ifdef CONFIG_WPS
231	if (conf->wps_state && identity_len == WSC_ID_ENROLLEE_LEN &&
232	    os_memcmp(identity, WSC_ID_ENROLLEE, WSC_ID_ENROLLEE_LEN) == 0) {
233		static struct hostapd_eap_user wsc_enrollee;
234		os_memset(&wsc_enrollee, 0, sizeof(wsc_enrollee));
235		wsc_enrollee.methods[0].method = eap_server_get_type(
236			"WSC", &wsc_enrollee.methods[0].vendor);
237		return &wsc_enrollee;
238	}
239
240	if (conf->wps_state && identity_len == WSC_ID_REGISTRAR_LEN &&
241	    os_memcmp(identity, WSC_ID_REGISTRAR, WSC_ID_REGISTRAR_LEN) == 0) {
242		static struct hostapd_eap_user wsc_registrar;
243		os_memset(&wsc_registrar, 0, sizeof(wsc_registrar));
244		wsc_registrar.methods[0].method = eap_server_get_type(
245			"WSC", &wsc_registrar.methods[0].vendor);
246		wsc_registrar.password = (u8 *) conf->ap_pin;
247		wsc_registrar.password_len = conf->ap_pin ?
248			os_strlen(conf->ap_pin) : 0;
249		return &wsc_registrar;
250	}
251#endif /* CONFIG_WPS */
252
253	while (user) {
254		if (!phase2 && user->identity == NULL) {
255			/* Wildcard match */
256			break;
257		}
258
259		if (user->phase2 == !!phase2 && user->wildcard_prefix &&
260		    identity_len >= user->identity_len &&
261		    os_memcmp(user->identity, identity, user->identity_len) ==
262		    0) {
263			/* Wildcard prefix match */
264			break;
265		}
266
267		if (user->phase2 == !!phase2 &&
268		    user->identity_len == identity_len &&
269		    os_memcmp(user->identity, identity, identity_len) == 0)
270			break;
271		user = user->next;
272	}
273
274#ifdef CONFIG_SQLITE
275	if (user == NULL && conf->eap_user_sqlite) {
276		return eap_user_sqlite_get(hapd, identity, identity_len,
277					   phase2);
278	}
279#endif /* CONFIG_SQLITE */
280
281	return user;
282}
283