1/* 2 * Hotspot 2.0 OSU client 3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc. 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10#include <time.h> 11#include <sys/stat.h> 12#ifdef ANDROID 13#include "private/android_filesystem_config.h" 14#endif /* ANDROID */ 15 16#include "common.h" 17#include "utils/browser.h" 18#include "utils/base64.h" 19#include "utils/xml-utils.h" 20#include "utils/http-utils.h" 21#include "common/wpa_ctrl.h" 22#include "common/wpa_helpers.h" 23#include "eap_common/eap_defs.h" 24#include "crypto/crypto.h" 25#include "crypto/sha256.h" 26#include "osu_client.h" 27 28const char *spp_xsd_fname = "spp.xsd"; 29 30 31void write_result(struct hs20_osu_client *ctx, const char *fmt, ...) 32{ 33 va_list ap; 34 FILE *f; 35 char buf[500]; 36 37 va_start(ap, fmt); 38 vsnprintf(buf, sizeof(buf), fmt, ap); 39 va_end(ap); 40 write_summary(ctx, "%s", buf); 41 42 if (!ctx->result_file) 43 return; 44 45 f = fopen(ctx->result_file, "w"); 46 if (f == NULL) 47 return; 48 49 va_start(ap, fmt); 50 vfprintf(f, fmt, ap); 51 va_end(ap); 52 fprintf(f, "\n"); 53 fclose(f); 54} 55 56 57void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...) 58{ 59 va_list ap; 60 FILE *f; 61 62 if (!ctx->summary_file) 63 return; 64 65 f = fopen(ctx->summary_file, "a"); 66 if (f == NULL) 67 return; 68 69 va_start(ap, fmt); 70 vfprintf(f, fmt, ap); 71 va_end(ap); 72 fprintf(f, "\n"); 73 fclose(f); 74} 75 76 77void debug_dump_node(struct hs20_osu_client *ctx, const char *title, 78 xml_node_t *node) 79{ 80 char *str = xml_node_to_str(ctx->xml, node); 81 wpa_printf(MSG_DEBUG, "[hs20] %s: '%s'", title, str); 82 free(str); 83} 84 85 86static int valid_fqdn(const char *fqdn) 87{ 88 const char *pos; 89 90 /* TODO: could make this more complete.. */ 91 if (strchr(fqdn, '.') == 0 || strlen(fqdn) > 255) 92 return 0; 93 for (pos = fqdn; *pos; pos++) { 94 if (*pos >= 'a' && *pos <= 'z') 95 continue; 96 if (*pos >= 'A' && *pos <= 'Z') 97 continue; 98 if (*pos >= '0' && *pos <= '9') 99 continue; 100 if (*pos == '-' || *pos == '.' || *pos == '_') 101 continue; 102 return 0; 103 } 104 return 1; 105} 106 107 108int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert) 109{ 110 xml_node_t *node; 111 char *url, *user = NULL, *pw = NULL; 112 char *proto; 113 int ret = -1; 114 115 proto = xml_node_get_attr_value(ctx->xml, getcert, 116 "enrollmentProtocol"); 117 if (!proto) 118 return -1; 119 wpa_printf(MSG_INFO, "getCertificate - enrollmentProtocol=%s", proto); 120 write_summary(ctx, "getCertificate - enrollmentProtocol=%s", proto); 121 if (os_strcasecmp(proto, "EST") != 0) { 122 wpa_printf(MSG_INFO, "Unsupported enrollmentProtocol"); 123 xml_node_get_attr_value_free(ctx->xml, proto); 124 return -1; 125 } 126 xml_node_get_attr_value_free(ctx->xml, proto); 127 128 node = get_node(ctx->xml, getcert, "enrollmentServerURI"); 129 if (node == NULL) { 130 wpa_printf(MSG_INFO, "Could not find enrollmentServerURI node"); 131 xml_node_get_attr_value_free(ctx->xml, proto); 132 return -1; 133 } 134 url = xml_node_get_text(ctx->xml, node); 135 if (url == NULL) { 136 wpa_printf(MSG_INFO, "Could not get URL text"); 137 return -1; 138 } 139 wpa_printf(MSG_INFO, "enrollmentServerURI: %s", url); 140 write_summary(ctx, "enrollmentServerURI: %s", url); 141 142 node = get_node(ctx->xml, getcert, "estUserID"); 143 if (node == NULL && !ctx->client_cert_present) { 144 wpa_printf(MSG_INFO, "Could not find estUserID node"); 145 goto fail; 146 } 147 if (node) { 148 user = xml_node_get_text(ctx->xml, node); 149 if (user == NULL) { 150 wpa_printf(MSG_INFO, "Could not get estUserID text"); 151 goto fail; 152 } 153 wpa_printf(MSG_INFO, "estUserID: %s", user); 154 write_summary(ctx, "estUserID: %s", user); 155 } 156 157 node = get_node(ctx->xml, getcert, "estPassword"); 158 if (node == NULL && !ctx->client_cert_present) { 159 wpa_printf(MSG_INFO, "Could not find estPassword node"); 160 goto fail; 161 } 162 if (node) { 163 pw = xml_node_get_base64_text(ctx->xml, node, NULL); 164 if (pw == NULL) { 165 wpa_printf(MSG_INFO, "Could not get estPassword text"); 166 goto fail; 167 } 168 wpa_printf(MSG_INFO, "estPassword: %s", pw); 169 } 170 171 mkdir("Cert", S_IRWXU); 172 if (est_load_cacerts(ctx, url) < 0 || 173 est_build_csr(ctx, url) < 0 || 174 est_simple_enroll(ctx, url, user, pw) < 0) 175 goto fail; 176 177 ret = 0; 178fail: 179 xml_node_get_text_free(ctx->xml, url); 180 xml_node_get_text_free(ctx->xml, user); 181 xml_node_get_text_free(ctx->xml, pw); 182 183 return ret; 184} 185 186 187static int process_est_cert(struct hs20_osu_client *ctx, xml_node_t *cert, 188 const char *fqdn) 189{ 190 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN]; 191 char *der, *pem; 192 size_t der_len, pem_len; 193 char *fingerprint; 194 char buf[200]; 195 196 wpa_printf(MSG_INFO, "PPS for certificate credential - fqdn=%s", fqdn); 197 198 fingerprint = xml_node_get_text(ctx->xml, cert); 199 if (fingerprint == NULL) 200 return -1; 201 if (hexstr2bin(fingerprint, digest1, SHA256_MAC_LEN) < 0) { 202 wpa_printf(MSG_INFO, "Invalid SHA256 hash value"); 203 write_result(ctx, "Invalid client certificate SHA256 hash value in PPS"); 204 xml_node_get_text_free(ctx->xml, fingerprint); 205 return -1; 206 } 207 xml_node_get_text_free(ctx->xml, fingerprint); 208 209 der = os_readfile("Cert/est_cert.der", &der_len); 210 if (der == NULL) { 211 wpa_printf(MSG_INFO, "Could not find client certificate from EST"); 212 write_result(ctx, "Could not find client certificate from EST"); 213 return -1; 214 } 215 216 if (sha256_vector(1, (const u8 **) &der, &der_len, digest2) < 0) { 217 os_free(der); 218 return -1; 219 } 220 os_free(der); 221 222 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) { 223 wpa_printf(MSG_INFO, "Client certificate from EST does not match fingerprint from PPS MO"); 224 write_result(ctx, "Client certificate from EST does not match fingerprint from PPS MO"); 225 return -1; 226 } 227 228 wpa_printf(MSG_INFO, "Client certificate from EST matches PPS MO"); 229 unlink("Cert/est_cert.der"); 230 231 os_snprintf(buf, sizeof(buf), "SP/%s/client-ca.pem", fqdn); 232 if (rename("Cert/est-cacerts.pem", buf) < 0) { 233 wpa_printf(MSG_INFO, "Could not move est-cacerts.pem to client-ca.pem: %s", 234 strerror(errno)); 235 return -1; 236 } 237 pem = os_readfile(buf, &pem_len); 238 239 os_snprintf(buf, sizeof(buf), "SP/%s/client-cert.pem", fqdn); 240 if (rename("Cert/est_cert.pem", buf) < 0) { 241 wpa_printf(MSG_INFO, "Could not move est_cert.pem to client-cert.pem: %s", 242 strerror(errno)); 243 os_free(pem); 244 return -1; 245 } 246 247 if (pem) { 248 FILE *f = fopen(buf, "a"); 249 if (f) { 250 fwrite(pem, pem_len, 1, f); 251 fclose(f); 252 } 253 os_free(pem); 254 } 255 256 os_snprintf(buf, sizeof(buf), "SP/%s/client-key.pem", fqdn); 257 if (rename("Cert/privkey-plain.pem", buf) < 0) { 258 wpa_printf(MSG_INFO, "Could not move privkey-plain.pem to client-key.pem: %s", 259 strerror(errno)); 260 return -1; 261 } 262 263 unlink("Cert/est-req.b64"); 264 unlink("Cert/est-req.pem"); 265 unlink("Cert/est-resp.raw"); 266 rmdir("Cert"); 267 268 return 0; 269} 270 271 272#define TMP_CERT_DL_FILE "tmp-cert-download" 273 274static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params, 275 const char *fname) 276{ 277 xml_node_t *url_node, *hash_node; 278 char *url, *hash; 279 char *cert; 280 size_t len; 281 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN]; 282 int res; 283 unsigned char *b64; 284 FILE *f; 285 286 url_node = get_node(ctx->xml, params, "CertURL"); 287 hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint"); 288 if (url_node == NULL || hash_node == NULL) 289 return -1; 290 url = xml_node_get_text(ctx->xml, url_node); 291 hash = xml_node_get_text(ctx->xml, hash_node); 292 if (url == NULL || hash == NULL) { 293 xml_node_get_text_free(ctx->xml, url); 294 xml_node_get_text_free(ctx->xml, hash); 295 return -1; 296 } 297 298 wpa_printf(MSG_INFO, "CertURL: %s", url); 299 wpa_printf(MSG_INFO, "SHA256 hash: %s", hash); 300 301 if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) { 302 wpa_printf(MSG_INFO, "Invalid SHA256 hash value"); 303 write_result(ctx, "Invalid SHA256 hash value for downloaded certificate"); 304 xml_node_get_text_free(ctx->xml, hash); 305 return -1; 306 } 307 xml_node_get_text_free(ctx->xml, hash); 308 309 write_summary(ctx, "Download certificate from %s", url); 310 ctx->no_osu_cert_validation = 1; 311 http_ocsp_set(ctx->http, 1); 312 res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL); 313 http_ocsp_set(ctx->http, 314 (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2); 315 ctx->no_osu_cert_validation = 0; 316 xml_node_get_text_free(ctx->xml, url); 317 if (res < 0) 318 return -1; 319 320 cert = os_readfile(TMP_CERT_DL_FILE, &len); 321 remove(TMP_CERT_DL_FILE); 322 if (cert == NULL) 323 return -1; 324 325 if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) { 326 os_free(cert); 327 return -1; 328 } 329 330 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) { 331 wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match"); 332 write_result(ctx, "Downloaded certificate fingerprint did not match"); 333 os_free(cert); 334 return -1; 335 } 336 337 b64 = base64_encode((unsigned char *) cert, len, NULL); 338 os_free(cert); 339 if (b64 == NULL) 340 return -1; 341 342 f = fopen(fname, "wb"); 343 if (f == NULL) { 344 os_free(b64); 345 return -1; 346 } 347 348 fprintf(f, "-----BEGIN CERTIFICATE-----\n" 349 "%s" 350 "-----END CERTIFICATE-----\n", 351 b64); 352 353 os_free(b64); 354 fclose(f); 355 356 wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint", 357 fname); 358 write_summary(ctx, "Downloaded certificate into %s and validated fingerprint", 359 fname); 360 361 return 0; 362} 363 364 365static int cmd_dl_osu_ca(struct hs20_osu_client *ctx, const char *pps_fname, 366 const char *ca_fname) 367{ 368 xml_node_t *pps, *node; 369 int ret; 370 371 pps = node_from_file(ctx->xml, pps_fname); 372 if (pps == NULL) { 373 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname); 374 return -1; 375 } 376 377 node = get_child_node(ctx->xml, pps, 378 "SubscriptionUpdate/TrustRoot"); 379 if (node == NULL) { 380 wpa_printf(MSG_INFO, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS"); 381 xml_node_free(ctx->xml, pps); 382 return -1; 383 } 384 385 ret = download_cert(ctx, node, ca_fname); 386 xml_node_free(ctx->xml, pps); 387 388 return ret; 389} 390 391 392static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname, 393 const char *ca_fname) 394{ 395 xml_node_t *pps, *node; 396 int ret; 397 398 pps = node_from_file(ctx->xml, pps_fname); 399 if (pps == NULL) { 400 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname); 401 return -1; 402 } 403 404 node = get_child_node(ctx->xml, pps, 405 "Policy/PolicyUpdate/TrustRoot"); 406 if (node == NULL) { 407 wpa_printf(MSG_INFO, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS"); 408 xml_node_free(ctx->xml, pps); 409 return -1; 410 } 411 412 ret = download_cert(ctx, node, ca_fname); 413 xml_node_free(ctx->xml, pps); 414 415 return ret; 416} 417 418 419static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname, 420 const char *ca_fname) 421{ 422 xml_node_t *pps, *node, *aaa; 423 int ret; 424 425 pps = node_from_file(ctx->xml, pps_fname); 426 if (pps == NULL) { 427 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname); 428 return -1; 429 } 430 431 node = get_child_node(ctx->xml, pps, 432 "AAAServerTrustRoot"); 433 if (node == NULL) { 434 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS"); 435 xml_node_free(ctx->xml, pps); 436 return -1; 437 } 438 439 aaa = xml_node_first_child(ctx->xml, node); 440 if (aaa == NULL) { 441 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS"); 442 xml_node_free(ctx->xml, pps); 443 return -1; 444 } 445 446 ret = download_cert(ctx, aaa, ca_fname); 447 xml_node_free(ctx->xml, pps); 448 449 return ret; 450} 451 452 453static int download_trust_roots(struct hs20_osu_client *ctx, 454 const char *pps_fname) 455{ 456 char *dir, *pos; 457 char fname[300]; 458 int ret; 459 460 dir = os_strdup(pps_fname); 461 if (dir == NULL) 462 return -1; 463 pos = os_strrchr(dir, '/'); 464 if (pos == NULL) { 465 os_free(dir); 466 return -1; 467 } 468 *pos = '\0'; 469 470 snprintf(fname, sizeof(fname), "%s/ca.pem", dir); 471 ret = cmd_dl_osu_ca(ctx, pps_fname, fname); 472 snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir); 473 cmd_dl_polupd_ca(ctx, pps_fname, fname); 474 snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir); 475 cmd_dl_aaa_ca(ctx, pps_fname, fname); 476 477 os_free(dir); 478 479 return ret; 480} 481 482 483static int server_dnsname_suffix_match(struct hs20_osu_client *ctx, 484 const char *fqdn) 485{ 486 size_t match_len, len, i; 487 const char *val; 488 489 match_len = os_strlen(fqdn); 490 491 for (i = 0; i < ctx->server_dnsname_count; i++) { 492 wpa_printf(MSG_INFO, 493 "Checking suffix match against server dNSName %s", 494 ctx->server_dnsname[i]); 495 val = ctx->server_dnsname[i]; 496 len = os_strlen(val); 497 498 if (match_len > len) 499 continue; 500 501 if (os_strncasecmp(val + len - match_len, fqdn, match_len) != 0) 502 continue; /* no match */ 503 504 if (match_len == len) 505 return 1; /* exact match */ 506 507 if (val[len - match_len - 1] == '.') 508 return 1; /* full label match completes suffix match */ 509 510 /* Reject due to incomplete label match */ 511 } 512 513 /* None of the dNSName(s) matched */ 514 return 0; 515} 516 517 518int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri, 519 xml_node_t *add_mo, char *fname, size_t fname_len) 520{ 521 char *str; 522 char *fqdn, *pos; 523 xml_node_t *tnds, *mo, *cert; 524 const char *name; 525 int ret; 526 527 if (strncmp(uri, "./Wi-Fi/", 8) != 0) { 528 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO: '%s'", 529 uri); 530 write_result(ctx, "Unsupported location for addMO to add PPS MO: '%s'", 531 uri); 532 return -1; 533 } 534 535 fqdn = strdup(uri + 8); 536 if (fqdn == NULL) 537 return -1; 538 pos = strchr(fqdn, '/'); 539 if (pos) { 540 if (os_strcasecmp(pos, "/PerProviderSubscription") != 0) { 541 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO (extra directory): '%s'", 542 uri); 543 write_result(ctx, "Unsupported location for addMO to " 544 "add PPS MO (extra directory): '%s'", uri); 545 free(fqdn); 546 return -1; 547 } 548 *pos = '\0'; /* remove trailing slash and PPS node name */ 549 } 550 wpa_printf(MSG_INFO, "SP FQDN: %s", fqdn); 551 552 if (!server_dnsname_suffix_match(ctx, fqdn)) { 553 wpa_printf(MSG_INFO, 554 "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values, count: %d", 555 fqdn, (int) ctx->server_dnsname_count); 556 write_result(ctx, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values", 557 fqdn); 558 free(fqdn); 559 return -1; 560 } 561 562 if (!valid_fqdn(fqdn)) { 563 wpa_printf(MSG_INFO, "Invalid FQDN '%s'", fqdn); 564 write_result(ctx, "Invalid FQDN '%s'", fqdn); 565 free(fqdn); 566 return -1; 567 } 568 569 mkdir("SP", S_IRWXU); 570 snprintf(fname, fname_len, "SP/%s", fqdn); 571 if (mkdir(fname, S_IRWXU) < 0) { 572 if (errno != EEXIST) { 573 int err = errno; 574 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s", 575 fname, strerror(err)); 576 free(fqdn); 577 return -1; 578 } 579 } 580 581#ifdef ANDROID 582 /* Allow processes running with Group ID as AID_WIFI, 583 * to read files from SP/<fqdn> directory */ 584 if (chown(fname, -1, AID_WIFI)) { 585 wpa_printf(MSG_INFO, "CTRL: Could not chown directory: %s", 586 strerror(errno)); 587 /* Try to continue anyway */ 588 } 589 if (chmod(fname, S_IRWXU | S_IRGRP | S_IXGRP) < 0) { 590 wpa_printf(MSG_INFO, "CTRL: Could not chmod directory: %s", 591 strerror(errno)); 592 /* Try to continue anyway */ 593 } 594#endif /* ANDROID */ 595 596 snprintf(fname, fname_len, "SP/%s/pps.xml", fqdn); 597 598 if (os_file_exists(fname)) { 599 wpa_printf(MSG_INFO, "PPS file '%s' exists - reject addMO", 600 fname); 601 write_result(ctx, "PPS file '%s' exists - reject addMO", 602 fname); 603 free(fqdn); 604 return -2; 605 } 606 wpa_printf(MSG_INFO, "Using PPS file: %s", fname); 607 608 str = xml_node_get_text(ctx->xml, add_mo); 609 if (str == NULL) { 610 wpa_printf(MSG_INFO, "Could not extract MO text"); 611 free(fqdn); 612 return -1; 613 } 614 wpa_printf(MSG_DEBUG, "[hs20] addMO text: '%s'", str); 615 616 tnds = xml_node_from_buf(ctx->xml, str); 617 xml_node_get_text_free(ctx->xml, str); 618 if (tnds == NULL) { 619 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO text"); 620 free(fqdn); 621 return -1; 622 } 623 624 mo = tnds_to_mo(ctx->xml, tnds); 625 if (mo == NULL) { 626 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO TNDS text"); 627 free(fqdn); 628 return -1; 629 } 630 631 debug_dump_node(ctx, "Parsed TNDS", mo); 632 633 name = xml_node_get_localname(ctx->xml, mo); 634 if (os_strcasecmp(name, "PerProviderSubscription") != 0) { 635 wpa_printf(MSG_INFO, "[hs20] Unexpected PPS MO root node name '%s'", 636 name); 637 free(fqdn); 638 return -1; 639 } 640 641 cert = get_child_node(ctx->xml, mo, 642 "Credential/DigitalCertificate/" 643 "CertSHA256Fingerprint"); 644 if (cert && process_est_cert(ctx, cert, fqdn) < 0) { 645 xml_node_free(ctx->xml, mo); 646 free(fqdn); 647 return -1; 648 } 649 free(fqdn); 650 651 if (node_to_file(ctx->xml, fname, mo) < 0) { 652 wpa_printf(MSG_INFO, "Could not write MO to file"); 653 xml_node_free(ctx->xml, mo); 654 return -1; 655 } 656 xml_node_free(ctx->xml, mo); 657 658 wpa_printf(MSG_INFO, "A new PPS MO added as '%s'", fname); 659 write_summary(ctx, "A new PPS MO added as '%s'", fname); 660 661 ret = download_trust_roots(ctx, fname); 662 if (ret < 0) { 663 wpa_printf(MSG_INFO, "Remove invalid PPS MO file"); 664 write_summary(ctx, "Remove invalid PPS MO file"); 665 unlink(fname); 666 } 667 668 return ret; 669} 670 671 672int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname, 673 xml_node_t *pps) 674{ 675 char *str; 676 FILE *f; 677 char backup[300]; 678 679 if (ctx->client_cert_present) { 680 xml_node_t *cert; 681 cert = get_child_node(ctx->xml, pps, 682 "Credential/DigitalCertificate/" 683 "CertSHA256Fingerprint"); 684 if (cert && os_file_exists("Cert/est_cert.der") && 685 process_est_cert(ctx, cert, ctx->fqdn) < 0) { 686 wpa_printf(MSG_INFO, "EST certificate update processing failed on PPS MO update"); 687 return -1; 688 } 689 } 690 691 wpa_printf(MSG_INFO, "Updating PPS MO %s", pps_fname); 692 693 str = xml_node_to_str(ctx->xml, pps); 694 if (str == NULL) { 695 wpa_printf(MSG_ERROR, "No node found"); 696 return -1; 697 } 698 wpa_printf(MSG_MSGDUMP, "[hs20] Updated PPS: '%s'", str); 699 700 snprintf(backup, sizeof(backup), "%s.bak", pps_fname); 701 rename(pps_fname, backup); 702 f = fopen(pps_fname, "w"); 703 if (f == NULL) { 704 wpa_printf(MSG_INFO, "Could not write PPS"); 705 rename(backup, pps_fname); 706 free(str); 707 return -1; 708 } 709 fprintf(f, "%s\n", str); 710 fclose(f); 711 712 free(str); 713 714 return 0; 715} 716 717 718void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps, 719 const char *alt_loc, char **user, char **pw) 720{ 721 xml_node_t *node; 722 723 node = get_child_node(ctx->xml, pps, 724 "Credential/UsernamePassword/Username"); 725 if (node) 726 *user = xml_node_get_text(ctx->xml, node); 727 728 node = get_child_node(ctx->xml, pps, 729 "Credential/UsernamePassword/Password"); 730 if (node) 731 *pw = xml_node_get_base64_text(ctx->xml, node, NULL); 732 733 node = get_child_node(ctx->xml, pps, alt_loc); 734 if (node) { 735 xml_node_t *a; 736 a = get_node(ctx->xml, node, "Username"); 737 if (a) { 738 xml_node_get_text_free(ctx->xml, *user); 739 *user = xml_node_get_text(ctx->xml, a); 740 wpa_printf(MSG_INFO, "Use OSU username '%s'", *user); 741 } 742 743 a = get_node(ctx->xml, node, "Password"); 744 if (a) { 745 free(*pw); 746 *pw = xml_node_get_base64_text(ctx->xml, a, NULL); 747 wpa_printf(MSG_INFO, "Use OSU password"); 748 } 749 } 750} 751 752 753/* Remove old credentials based on HomeSP/FQDN */ 754static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn) 755{ 756 char cmd[300]; 757 os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn); 758 if (wpa_command(ctx->ifname, cmd) < 0) 759 wpa_printf(MSG_INFO, "Failed to remove old credential(s)"); 760} 761 762 763static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id, 764 xml_node_t *spe) 765{ 766 xml_node_t *ssid; 767 char *txt; 768 769 ssid = get_node(ctx->xml, spe, "SSID"); 770 if (ssid == NULL) 771 return; 772 txt = xml_node_get_text(ctx->xml, ssid); 773 if (txt == NULL) 774 return; 775 wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", txt); 776 if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0) 777 wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid"); 778 xml_node_get_text_free(ctx->xml, txt); 779} 780 781 782static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id, 783 xml_node_t *spel) 784{ 785 xml_node_t *child; 786 787 xml_node_for_each_child(ctx->xml, child, spel) { 788 xml_node_for_each_check(ctx->xml, child); 789 set_pps_cred_policy_spe(ctx, id, child); 790 } 791} 792 793 794static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id, 795 xml_node_t *prp) 796{ 797 xml_node_t *node; 798 char *txt = NULL, *pos; 799 char *prio, *country_buf = NULL; 800 const char *country; 801 char val[200]; 802 int priority; 803 804 node = get_node(ctx->xml, prp, "Priority"); 805 if (node == NULL) 806 return; 807 prio = xml_node_get_text(ctx->xml, node); 808 if (prio == NULL) 809 return; 810 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s", 811 prio); 812 priority = atoi(prio); 813 xml_node_get_text_free(ctx->xml, prio); 814 815 node = get_node(ctx->xml, prp, "Country"); 816 if (node) { 817 country_buf = xml_node_get_text(ctx->xml, node); 818 if (country_buf == NULL) 819 return; 820 country = country_buf; 821 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s", 822 country); 823 } else { 824 country = "*"; 825 } 826 827 node = get_node(ctx->xml, prp, "FQDN_Match"); 828 if (node == NULL) 829 goto out; 830 txt = xml_node_get_text(ctx->xml, node); 831 if (txt == NULL) 832 goto out; 833 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s", 834 txt); 835 pos = strrchr(txt, ','); 836 if (pos == NULL) 837 goto out; 838 *pos++ = '\0'; 839 840 snprintf(val, sizeof(val), "%s,%d,%d,%s", txt, 841 strcmp(pos, "includeSubdomains") != 0, priority, country); 842 if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0) 843 wpa_printf(MSG_INFO, "Failed to set cred roaming_partner"); 844out: 845 xml_node_get_text_free(ctx->xml, country_buf); 846 xml_node_get_text_free(ctx->xml, txt); 847} 848 849 850static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id, 851 xml_node_t *prpl) 852{ 853 xml_node_t *child; 854 855 xml_node_for_each_child(ctx->xml, child, prpl) { 856 xml_node_for_each_check(ctx->xml, child); 857 set_pps_cred_policy_prp(ctx, id, child); 858 } 859} 860 861 862static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id, 863 xml_node_t *min_backhaul) 864{ 865 xml_node_t *node; 866 char *type, *dl = NULL, *ul = NULL; 867 int home; 868 869 node = get_node(ctx->xml, min_backhaul, "NetworkType"); 870 if (node == NULL) { 871 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node"); 872 return; 873 } 874 875 type = xml_node_get_text(ctx->xml, node); 876 if (type == NULL) 877 return; 878 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s", 879 type); 880 if (os_strcasecmp(type, "home") == 0) 881 home = 1; 882 else if (os_strcasecmp(type, "roaming") == 0) 883 home = 0; 884 else { 885 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType"); 886 xml_node_get_text_free(ctx->xml, type); 887 return; 888 } 889 xml_node_get_text_free(ctx->xml, type); 890 891 node = get_node(ctx->xml, min_backhaul, "DLBandwidth"); 892 if (node) 893 dl = xml_node_get_text(ctx->xml, node); 894 895 node = get_node(ctx->xml, min_backhaul, "ULBandwidth"); 896 if (node) 897 ul = xml_node_get_text(ctx->xml, node); 898 899 if (dl == NULL && ul == NULL) { 900 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes"); 901 return; 902 } 903 904 if (dl) 905 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s", 906 dl); 907 if (ul) 908 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s", 909 ul); 910 911 if (home) { 912 if (dl && 913 set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0) 914 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit"); 915 if (ul && 916 set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0) 917 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit"); 918 } else { 919 if (dl && 920 set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) < 921 0) 922 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit"); 923 if (ul && 924 set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) < 925 0) 926 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit"); 927 } 928 929 xml_node_get_text_free(ctx->xml, dl); 930 xml_node_get_text_free(ctx->xml, ul); 931} 932 933 934static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx, 935 int id, xml_node_t *node) 936{ 937 xml_node_t *child; 938 939 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold"); 940 941 xml_node_for_each_child(ctx->xml, child, node) { 942 xml_node_for_each_check(ctx->xml, child); 943 set_pps_cred_policy_min_backhaul(ctx, id, child); 944 } 945} 946 947 948static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id, 949 xml_node_t *node) 950{ 951 wpa_printf(MSG_INFO, "- Policy/PolicyUpdate"); 952 /* Not used in wpa_supplicant */ 953} 954 955 956static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx, 957 int id, xml_node_t *tuple) 958{ 959 xml_node_t *node; 960 char *proto, *port; 961 char *buf; 962 size_t buflen; 963 964 node = get_node(ctx->xml, tuple, "IPProtocol"); 965 if (node == NULL) { 966 wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node"); 967 return; 968 } 969 970 proto = xml_node_get_text(ctx->xml, node); 971 if (proto == NULL) 972 return; 973 974 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s", 975 proto); 976 977 node = get_node(ctx->xml, tuple, "PortNumber"); 978 port = node ? xml_node_get_text(ctx->xml, node) : NULL; 979 if (port) { 980 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s", 981 port); 982 buflen = os_strlen(proto) + os_strlen(port) + 10; 983 buf = os_malloc(buflen); 984 if (buf) 985 os_snprintf(buf, buflen, "%s:%s", proto, port); 986 xml_node_get_text_free(ctx->xml, port); 987 } else { 988 buflen = os_strlen(proto) + 10; 989 buf = os_malloc(buflen); 990 if (buf) 991 os_snprintf(buf, buflen, "%s", proto); 992 } 993 994 xml_node_get_text_free(ctx->xml, proto); 995 996 if (buf == NULL) 997 return; 998 999 if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0) 1000 wpa_printf(MSG_INFO, "Could not set req_conn_capab"); 1001 1002 os_free(buf); 1003} 1004 1005 1006static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx, 1007 int id, xml_node_t *node) 1008{ 1009 xml_node_t *child; 1010 1011 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple"); 1012 1013 xml_node_for_each_child(ctx->xml, child, node) { 1014 xml_node_for_each_check(ctx->xml, child); 1015 set_pps_cred_policy_required_proto_port(ctx, id, child); 1016 } 1017} 1018 1019 1020static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id, 1021 xml_node_t *node) 1022{ 1023 char *str = xml_node_get_text(ctx->xml, node); 1024 if (str == NULL) 1025 return; 1026 wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str); 1027 if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0) 1028 wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit"); 1029 xml_node_get_text_free(ctx->xml, str); 1030} 1031 1032 1033static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id, 1034 xml_node_t *node) 1035{ 1036 xml_node_t *child; 1037 const char *name; 1038 1039 wpa_printf(MSG_INFO, "- Policy"); 1040 1041 xml_node_for_each_child(ctx->xml, child, node) { 1042 xml_node_for_each_check(ctx->xml, child); 1043 name = xml_node_get_localname(ctx->xml, child); 1044 if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0) 1045 set_pps_cred_policy_prpl(ctx, id, child); 1046 else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0) 1047 set_pps_cred_policy_min_backhaul_list(ctx, id, child); 1048 else if (os_strcasecmp(name, "PolicyUpdate") == 0) 1049 set_pps_cred_policy_update(ctx, id, child); 1050 else if (os_strcasecmp(name, "SPExclusionList") == 0) 1051 set_pps_cred_policy_spel(ctx, id, child); 1052 else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0) 1053 set_pps_cred_policy_required_proto_ports(ctx, id, child); 1054 else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0) 1055 set_pps_cred_policy_max_bss_load(ctx, id, child); 1056 else 1057 wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name); 1058 } 1059} 1060 1061 1062static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id, 1063 xml_node_t *node) 1064{ 1065 char *str = xml_node_get_text(ctx->xml, node); 1066 if (str == NULL) 1067 return; 1068 wpa_printf(MSG_INFO, "- CredentialPriority = %s", str); 1069 if (set_cred(ctx->ifname, id, "sp_priority", str) < 0) 1070 wpa_printf(MSG_INFO, "Failed to set cred sp_priority"); 1071 xml_node_get_text_free(ctx->xml, str); 1072} 1073 1074 1075static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx, 1076 int id, xml_node_t *node) 1077{ 1078 wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO"); 1079} 1080 1081 1082static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id, 1083 xml_node_t *node) 1084{ 1085 wpa_printf(MSG_INFO, "- SubscriptionUpdate"); 1086 /* not used within wpa_supplicant */ 1087} 1088 1089 1090static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx, 1091 int id, xml_node_t *node) 1092{ 1093 xml_node_t *ssid_node, *hessid_node; 1094 char *ssid, *hessid; 1095 1096 ssid_node = get_node(ctx->xml, node, "SSID"); 1097 if (ssid_node == NULL) { 1098 wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node"); 1099 return; 1100 } 1101 1102 hessid_node = get_node(ctx->xml, node, "HESSID"); 1103 1104 ssid = xml_node_get_text(ctx->xml, ssid_node); 1105 if (ssid == NULL) 1106 return; 1107 hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL; 1108 1109 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid); 1110 if (hessid) 1111 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s", 1112 hessid); 1113 1114 /* TODO: Configure to wpa_supplicant */ 1115 1116 xml_node_get_text_free(ctx->xml, ssid); 1117 xml_node_get_text_free(ctx->xml, hessid); 1118} 1119 1120 1121static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx, 1122 int id, xml_node_t *node) 1123{ 1124 xml_node_t *child; 1125 1126 wpa_printf(MSG_INFO, "- HomeSP/NetworkID"); 1127 1128 xml_node_for_each_child(ctx->xml, child, node) { 1129 xml_node_for_each_check(ctx->xml, child); 1130 set_pps_cred_home_sp_network_id(ctx, id, child); 1131 } 1132} 1133 1134 1135static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx, 1136 int id, xml_node_t *node) 1137{ 1138 char *str = xml_node_get_text(ctx->xml, node); 1139 if (str == NULL) 1140 return; 1141 wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str); 1142 /* not used within wpa_supplicant(?) */ 1143 xml_node_get_text_free(ctx->xml, str); 1144} 1145 1146 1147static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx, 1148 int id, xml_node_t *node) 1149{ 1150 char *str = xml_node_get_text(ctx->xml, node); 1151 if (str == NULL) 1152 return; 1153 wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str); 1154 /* not used within wpa_supplicant */ 1155 xml_node_get_text_free(ctx->xml, str); 1156} 1157 1158 1159static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id, 1160 xml_node_t *node) 1161{ 1162 char *str = xml_node_get_text(ctx->xml, node); 1163 if (str == NULL) 1164 return; 1165 wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str); 1166 if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0) 1167 wpa_printf(MSG_INFO, "Failed to set cred domain"); 1168 if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0) 1169 wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match"); 1170 xml_node_get_text_free(ctx->xml, str); 1171} 1172 1173 1174static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id, 1175 xml_node_t *node) 1176{ 1177 xml_node_t *child; 1178 const char *name; 1179 char *homeoi = NULL; 1180 int required = 0; 1181 char *str; 1182 1183 xml_node_for_each_child(ctx->xml, child, node) { 1184 xml_node_for_each_check(ctx->xml, child); 1185 name = xml_node_get_localname(ctx->xml, child); 1186 if (strcasecmp(name, "HomeOI") == 0 && !homeoi) { 1187 homeoi = xml_node_get_text(ctx->xml, child); 1188 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s", 1189 homeoi); 1190 } else if (strcasecmp(name, "HomeOIRequired") == 0) { 1191 str = xml_node_get_text(ctx->xml, child); 1192 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'", 1193 str); 1194 if (str == NULL) 1195 continue; 1196 required = strcasecmp(str, "true") == 0; 1197 xml_node_get_text_free(ctx->xml, str); 1198 } else 1199 wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'", 1200 name); 1201 } 1202 1203 if (homeoi == NULL) { 1204 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored"); 1205 return; 1206 } 1207 1208 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d", 1209 homeoi, required); 1210 1211 if (required) { 1212 if (set_cred(ctx->ifname, id, "required_roaming_consortium", 1213 homeoi) < 0) 1214 wpa_printf(MSG_INFO, "Failed to set cred required_roaming_consortium"); 1215 } else { 1216 if (set_cred_quoted(ctx->ifname, id, "roaming_consortium", 1217 homeoi) < 0) 1218 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortium"); 1219 } 1220 1221 xml_node_get_text_free(ctx->xml, homeoi); 1222} 1223 1224 1225static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id, 1226 xml_node_t *node) 1227{ 1228 xml_node_t *child; 1229 1230 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList"); 1231 1232 xml_node_for_each_child(ctx->xml, child, node) { 1233 xml_node_for_each_check(ctx->xml, child); 1234 set_pps_cred_home_sp_oi(ctx, id, child); 1235 } 1236} 1237 1238 1239static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx, 1240 int id, xml_node_t *node) 1241{ 1242 xml_node_t *child; 1243 const char *name; 1244 char *fqdn = NULL; 1245 1246 xml_node_for_each_child(ctx->xml, child, node) { 1247 xml_node_for_each_check(ctx->xml, child); 1248 name = xml_node_get_localname(ctx->xml, child); 1249 if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) { 1250 fqdn = xml_node_get_text(ctx->xml, child); 1251 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s", 1252 fqdn); 1253 } else 1254 wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'", 1255 name); 1256 } 1257 1258 if (fqdn == NULL) { 1259 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored"); 1260 return; 1261 } 1262 1263 if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0) 1264 wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node"); 1265 1266 xml_node_get_text_free(ctx->xml, fqdn); 1267} 1268 1269 1270static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx, 1271 int id, 1272 xml_node_t *node) 1273{ 1274 xml_node_t *child; 1275 1276 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners"); 1277 1278 xml_node_for_each_child(ctx->xml, child, node) { 1279 xml_node_for_each_check(ctx->xml, child); 1280 set_pps_cred_home_sp_other_partner(ctx, id, child); 1281 } 1282} 1283 1284 1285static void set_pps_cred_home_sp_roaming_consortium_oi( 1286 struct hs20_osu_client *ctx, int id, xml_node_t *node) 1287{ 1288 char *str = xml_node_get_text(ctx->xml, node); 1289 if (str == NULL) 1290 return; 1291 wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str); 1292 /* TODO: Set to wpa_supplicant */ 1293 xml_node_get_text_free(ctx->xml, str); 1294} 1295 1296 1297static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id, 1298 xml_node_t *node) 1299{ 1300 xml_node_t *child; 1301 const char *name; 1302 1303 wpa_printf(MSG_INFO, "- HomeSP"); 1304 1305 xml_node_for_each_child(ctx->xml, child, node) { 1306 xml_node_for_each_check(ctx->xml, child); 1307 name = xml_node_get_localname(ctx->xml, child); 1308 if (os_strcasecmp(name, "NetworkID") == 0) 1309 set_pps_cred_home_sp_network_ids(ctx, id, child); 1310 else if (os_strcasecmp(name, "FriendlyName") == 0) 1311 set_pps_cred_home_sp_friendly_name(ctx, id, child); 1312 else if (os_strcasecmp(name, "IconURL") == 0) 1313 set_pps_cred_home_sp_icon_url(ctx, id, child); 1314 else if (os_strcasecmp(name, "FQDN") == 0) 1315 set_pps_cred_home_sp_fqdn(ctx, id, child); 1316 else if (os_strcasecmp(name, "HomeOIList") == 0) 1317 set_pps_cred_home_sp_oi_list(ctx, id, child); 1318 else if (os_strcasecmp(name, "OtherHomePartners") == 0) 1319 set_pps_cred_home_sp_other_partners(ctx, id, child); 1320 else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0) 1321 set_pps_cred_home_sp_roaming_consortium_oi(ctx, id, 1322 child); 1323 else 1324 wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name); 1325 } 1326} 1327 1328 1329static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id, 1330 xml_node_t *node) 1331{ 1332 wpa_printf(MSG_INFO, "- SubscriptionParameters"); 1333 /* not used within wpa_supplicant */ 1334} 1335 1336 1337static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id, 1338 xml_node_t *node) 1339{ 1340 char *str = xml_node_get_text(ctx->xml, node); 1341 if (str == NULL) 1342 return; 1343 wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str); 1344 /* not used within wpa_supplicant */ 1345 xml_node_get_text_free(ctx->xml, str); 1346} 1347 1348 1349static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id, 1350 xml_node_t *node) 1351{ 1352 char *str = xml_node_get_text(ctx->xml, node); 1353 if (str == NULL) 1354 return; 1355 wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str); 1356 /* not used within wpa_supplicant */ 1357 xml_node_get_text_free(ctx->xml, str); 1358} 1359 1360 1361static void set_pps_cred_username(struct hs20_osu_client *ctx, int id, 1362 xml_node_t *node) 1363{ 1364 char *str = xml_node_get_text(ctx->xml, node); 1365 if (str == NULL) 1366 return; 1367 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s", 1368 str); 1369 if (set_cred_quoted(ctx->ifname, id, "username", str) < 0) 1370 wpa_printf(MSG_INFO, "Failed to set cred username"); 1371 xml_node_get_text_free(ctx->xml, str); 1372} 1373 1374 1375static void set_pps_cred_password(struct hs20_osu_client *ctx, int id, 1376 xml_node_t *node) 1377{ 1378 int len, i; 1379 char *pw, *hex, *pos, *end; 1380 1381 pw = xml_node_get_base64_text(ctx->xml, node, &len); 1382 if (pw == NULL) 1383 return; 1384 1385 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw); 1386 1387 hex = malloc(len * 2 + 1); 1388 if (hex == NULL) { 1389 free(pw); 1390 return; 1391 } 1392 end = hex + len * 2 + 1; 1393 pos = hex; 1394 for (i = 0; i < len; i++) { 1395 snprintf(pos, end - pos, "%02x", pw[i]); 1396 pos += 2; 1397 } 1398 free(pw); 1399 1400 if (set_cred(ctx->ifname, id, "password", hex) < 0) 1401 wpa_printf(MSG_INFO, "Failed to set cred password"); 1402 free(hex); 1403} 1404 1405 1406static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id, 1407 xml_node_t *node) 1408{ 1409 char *str = xml_node_get_text(ctx->xml, node); 1410 if (str == NULL) 1411 return; 1412 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s", 1413 str); 1414 /* not used within wpa_supplicant */ 1415 xml_node_get_text_free(ctx->xml, str); 1416} 1417 1418 1419static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id, 1420 xml_node_t *node) 1421{ 1422 char *str = xml_node_get_text(ctx->xml, node); 1423 if (str == NULL) 1424 return; 1425 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s", 1426 str); 1427 /* not used within wpa_supplicant */ 1428 xml_node_get_text_free(ctx->xml, str); 1429} 1430 1431 1432static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id, 1433 xml_node_t *node) 1434{ 1435 char *str = xml_node_get_text(ctx->xml, node); 1436 if (str == NULL) 1437 return; 1438 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s", 1439 str); 1440 /* not used within wpa_supplicant */ 1441 xml_node_get_text_free(ctx->xml, str); 1442} 1443 1444 1445static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id, 1446 xml_node_t *node) 1447{ 1448 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod - TODO"); 1449} 1450 1451 1452static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id, 1453 xml_node_t *node) 1454{ 1455 xml_node_t *child; 1456 const char *name; 1457 1458 wpa_printf(MSG_INFO, "- Credential/UsernamePassword"); 1459 1460 xml_node_for_each_child(ctx->xml, child, node) { 1461 xml_node_for_each_check(ctx->xml, child); 1462 name = xml_node_get_localname(ctx->xml, child); 1463 if (os_strcasecmp(name, "Username") == 0) 1464 set_pps_cred_username(ctx, id, child); 1465 else if (os_strcasecmp(name, "Password") == 0) 1466 set_pps_cred_password(ctx, id, child); 1467 else if (os_strcasecmp(name, "MachineManaged") == 0) 1468 set_pps_cred_machine_managed(ctx, id, child); 1469 else if (os_strcasecmp(name, "SoftTokenApp") == 0) 1470 set_pps_cred_soft_token_app(ctx, id, child); 1471 else if (os_strcasecmp(name, "AbleToShare") == 0) 1472 set_pps_cred_able_to_share(ctx, id, child); 1473 else if (os_strcasecmp(name, "EAPMethod") == 0) 1474 set_pps_cred_eap_method(ctx, id, child); 1475 else 1476 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'", 1477 name); 1478 } 1479} 1480 1481 1482static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id, 1483 xml_node_t *node, const char *fqdn) 1484{ 1485 char buf[200], dir[200]; 1486 1487 wpa_printf(MSG_INFO, "- Credential/DigitalCertificate"); 1488 1489 if (getcwd(dir, sizeof(dir)) == NULL) 1490 return; 1491 1492 /* TODO: could build username from Subject of Subject AltName */ 1493 if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) { 1494 wpa_printf(MSG_INFO, "Failed to set username"); 1495 } 1496 1497 snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir, fqdn); 1498 if (os_file_exists(buf)) { 1499 if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) { 1500 wpa_printf(MSG_INFO, "Failed to set client_cert"); 1501 } 1502 } 1503 1504 snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir, fqdn); 1505 if (os_file_exists(buf)) { 1506 if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) { 1507 wpa_printf(MSG_INFO, "Failed to set private_key"); 1508 } 1509 } 1510} 1511 1512 1513static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id, 1514 xml_node_t *node, const char *fqdn, int sim) 1515{ 1516 char *str = xml_node_get_text(ctx->xml, node); 1517 char buf[200], dir[200]; 1518 1519 if (str == NULL) 1520 return; 1521 1522 wpa_printf(MSG_INFO, "- Credential/Realm = %s", str); 1523 if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0) 1524 wpa_printf(MSG_INFO, "Failed to set cred realm"); 1525 xml_node_get_text_free(ctx->xml, str); 1526 1527 if (sim) 1528 return; 1529 1530 if (getcwd(dir, sizeof(dir)) == NULL) 1531 return; 1532 snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn); 1533 if (os_file_exists(buf)) { 1534 if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) { 1535 wpa_printf(MSG_INFO, "Failed to set CA cert"); 1536 } 1537 } 1538} 1539 1540 1541static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx, 1542 int id, xml_node_t *node) 1543{ 1544 char *str = xml_node_get_text(ctx->xml, node); 1545 1546 if (str == NULL) 1547 return; 1548 1549 wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str); 1550 if (os_strcasecmp(str, "true") == 0 && 1551 set_cred(ctx->ifname, id, "ocsp", "2") < 0) 1552 wpa_printf(MSG_INFO, "Failed to set cred ocsp"); 1553 xml_node_get_text_free(ctx->xml, str); 1554} 1555 1556 1557static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id, 1558 xml_node_t *sim, xml_node_t *realm) 1559{ 1560 xml_node_t *node; 1561 char *imsi, *eaptype, *str, buf[20]; 1562 int type; 1563 int mnc_len = 3; 1564 size_t imsi_len; 1565 1566 node = get_node(ctx->xml, sim, "EAPType"); 1567 if (node == NULL) { 1568 wpa_printf(MSG_INFO, "No SIM/EAPType node in credential"); 1569 return; 1570 } 1571 eaptype = xml_node_get_text(ctx->xml, node); 1572 if (eaptype == NULL) { 1573 wpa_printf(MSG_INFO, "Could not extract SIM/EAPType"); 1574 return; 1575 } 1576 wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype); 1577 type = atoi(eaptype); 1578 xml_node_get_text_free(ctx->xml, eaptype); 1579 1580 switch (type) { 1581 case EAP_TYPE_SIM: 1582 if (set_cred(ctx->ifname, id, "eap", "SIM") < 0) 1583 wpa_printf(MSG_INFO, "Could not set eap=SIM"); 1584 break; 1585 case EAP_TYPE_AKA: 1586 if (set_cred(ctx->ifname, id, "eap", "AKA") < 0) 1587 wpa_printf(MSG_INFO, "Could not set eap=SIM"); 1588 break; 1589 case EAP_TYPE_AKA_PRIME: 1590 if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0) 1591 wpa_printf(MSG_INFO, "Could not set eap=SIM"); 1592 break; 1593 default: 1594 wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type); 1595 return; 1596 } 1597 1598 node = get_node(ctx->xml, sim, "IMSI"); 1599 if (node == NULL) { 1600 wpa_printf(MSG_INFO, "No SIM/IMSI node in credential"); 1601 return; 1602 } 1603 imsi = xml_node_get_text(ctx->xml, node); 1604 if (imsi == NULL) { 1605 wpa_printf(MSG_INFO, "Could not extract SIM/IMSI"); 1606 return; 1607 } 1608 wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", imsi); 1609 imsi_len = os_strlen(imsi); 1610 if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) { 1611 wpa_printf(MSG_INFO, "Invalid IMSI length"); 1612 xml_node_get_text_free(ctx->xml, imsi); 1613 return; 1614 } 1615 1616 str = xml_node_get_text(ctx->xml, node); 1617 if (str) { 1618 char *pos; 1619 pos = os_strstr(str, "mnc"); 1620 if (pos && os_strlen(pos) >= 6) { 1621 if (os_strncmp(imsi + 3, pos + 3, 3) == 0) 1622 mnc_len = 3; 1623 else if (os_strncmp(imsi + 3, pos + 4, 2) == 0) 1624 mnc_len = 2; 1625 } 1626 xml_node_get_text_free(ctx->xml, str); 1627 } 1628 1629 os_memcpy(buf, imsi, 3 + mnc_len); 1630 buf[3 + mnc_len] = '-'; 1631 os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len, 1632 sizeof(buf) - 3 - mnc_len - 1); 1633 1634 xml_node_get_text_free(ctx->xml, imsi); 1635 1636 if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0) 1637 wpa_printf(MSG_INFO, "Could not set IMSI"); 1638 1639 if (set_cred_quoted(ctx->ifname, id, "milenage", 1640 "90dca4eda45b53cf0f12d7c9c3bc6a89:" 1641 "cb9cccc4b9258e6dca4760379fb82581:000000000123") < 1642 0) 1643 wpa_printf(MSG_INFO, "Could not set Milenage parameters"); 1644} 1645 1646 1647static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id, 1648 xml_node_t *node, const char *fqdn) 1649{ 1650 xml_node_t *child, *sim, *realm; 1651 const char *name; 1652 1653 wpa_printf(MSG_INFO, "- Credential"); 1654 1655 sim = get_node(ctx->xml, node, "SIM"); 1656 realm = get_node(ctx->xml, node, "Realm"); 1657 1658 xml_node_for_each_child(ctx->xml, child, node) { 1659 xml_node_for_each_check(ctx->xml, child); 1660 name = xml_node_get_localname(ctx->xml, child); 1661 if (os_strcasecmp(name, "CreationDate") == 0) 1662 set_pps_cred_creation_date(ctx, id, child); 1663 else if (os_strcasecmp(name, "ExpirationDate") == 0) 1664 set_pps_cred_expiration_date(ctx, id, child); 1665 else if (os_strcasecmp(name, "UsernamePassword") == 0) 1666 set_pps_cred_username_password(ctx, id, child); 1667 else if (os_strcasecmp(name, "DigitalCertificate") == 0) 1668 set_pps_cred_digital_cert(ctx, id, child, fqdn); 1669 else if (os_strcasecmp(name, "Realm") == 0) 1670 set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL); 1671 else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0) 1672 set_pps_cred_check_aaa_cert_status(ctx, id, child); 1673 else if (os_strcasecmp(name, "SIM") == 0) 1674 set_pps_cred_sim(ctx, id, child, realm); 1675 else 1676 wpa_printf(MSG_INFO, "Unknown Credential node '%s'", 1677 name); 1678 } 1679} 1680 1681 1682static void set_pps_credential(struct hs20_osu_client *ctx, int id, 1683 xml_node_t *cred, const char *fqdn) 1684{ 1685 xml_node_t *child; 1686 const char *name; 1687 1688 xml_node_for_each_child(ctx->xml, child, cred) { 1689 xml_node_for_each_check(ctx->xml, child); 1690 name = xml_node_get_localname(ctx->xml, child); 1691 if (os_strcasecmp(name, "Policy") == 0) 1692 set_pps_cred_policy(ctx, id, child); 1693 else if (os_strcasecmp(name, "CredentialPriority") == 0) 1694 set_pps_cred_priority(ctx, id, child); 1695 else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0) 1696 set_pps_cred_aaa_server_trust_root(ctx, id, child); 1697 else if (os_strcasecmp(name, "SubscriptionUpdate") == 0) 1698 set_pps_cred_sub_update(ctx, id, child); 1699 else if (os_strcasecmp(name, "HomeSP") == 0) 1700 set_pps_cred_home_sp(ctx, id, child); 1701 else if (os_strcasecmp(name, "SubscriptionParameters") == 0) 1702 set_pps_cred_sub_params(ctx, id, child); 1703 else if (os_strcasecmp(name, "Credential") == 0) 1704 set_pps_cred_credential(ctx, id, child, fqdn); 1705 else 1706 wpa_printf(MSG_INFO, "Unknown credential node '%s'", 1707 name); 1708 } 1709} 1710 1711 1712static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps, 1713 const char *fqdn) 1714{ 1715 xml_node_t *child; 1716 const char *name; 1717 int id; 1718 char *update_identifier = NULL; 1719 1720 /* 1721 * TODO: Could consider more complex mechanism that would remove 1722 * credentials only if there are changes in the information sent to 1723 * wpa_supplicant. 1724 */ 1725 remove_sp_creds(ctx, fqdn); 1726 1727 xml_node_for_each_child(ctx->xml, child, pps) { 1728 xml_node_for_each_check(ctx->xml, child); 1729 name = xml_node_get_localname(ctx->xml, child); 1730 if (os_strcasecmp(name, "UpdateIdentifier") == 0) { 1731 update_identifier = xml_node_get_text(ctx->xml, child); 1732 if (update_identifier) { 1733 wpa_printf(MSG_INFO, "- UpdateIdentifier = %s", 1734 update_identifier); 1735 break; 1736 } 1737 } 1738 } 1739 1740 xml_node_for_each_child(ctx->xml, child, pps) { 1741 xml_node_for_each_check(ctx->xml, child); 1742 name = xml_node_get_localname(ctx->xml, child); 1743 if (os_strcasecmp(name, "UpdateIdentifier") == 0) 1744 continue; 1745 id = add_cred(ctx->ifname); 1746 if (id < 0) { 1747 wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant"); 1748 write_summary(ctx, "Failed to add credential to wpa_supplicant"); 1749 break; 1750 } 1751 write_summary(ctx, "Add a credential to wpa_supplicant"); 1752 if (update_identifier && 1753 set_cred(ctx->ifname, id, "update_identifier", 1754 update_identifier) < 0) 1755 wpa_printf(MSG_INFO, "Failed to set update_identifier"); 1756 if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) < 1757 0) 1758 wpa_printf(MSG_INFO, "Failed to set provisioning_sp"); 1759 wpa_printf(MSG_INFO, "credential localname: '%s'", name); 1760 set_pps_credential(ctx, id, child, fqdn); 1761 ctx->pps_cred_set = 1; 1762 } 1763 1764 xml_node_get_text_free(ctx->xml, update_identifier); 1765} 1766 1767 1768void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname) 1769{ 1770 xml_node_t *pps; 1771 const char *fqdn; 1772 char *fqdn_buf = NULL, *pos; 1773 1774 pps = node_from_file(ctx->xml, pps_fname); 1775 if (pps == NULL) { 1776 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname); 1777 return; 1778 } 1779 1780 fqdn = os_strstr(pps_fname, "SP/"); 1781 if (fqdn) { 1782 fqdn_buf = os_strdup(fqdn + 3); 1783 if (fqdn_buf == NULL) 1784 return; 1785 pos = os_strchr(fqdn_buf, '/'); 1786 if (pos) 1787 *pos = '\0'; 1788 fqdn = fqdn_buf; 1789 } else 1790 fqdn = "wi-fi.org"; 1791 1792 wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s", 1793 fqdn); 1794 set_pps(ctx, pps, fqdn); 1795 1796 os_free(fqdn_buf); 1797 xml_node_free(ctx->xml, pps); 1798} 1799 1800 1801static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname) 1802{ 1803 xml_node_t *pps, *node; 1804 char *fqdn = NULL; 1805 1806 pps = node_from_file(ctx->xml, pps_fname); 1807 if (pps == NULL) { 1808 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname); 1809 return -1; 1810 } 1811 1812 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN"); 1813 if (node) 1814 fqdn = xml_node_get_text(ctx->xml, node); 1815 1816 xml_node_free(ctx->xml, pps); 1817 1818 if (fqdn) { 1819 FILE *f = fopen("pps-fqdn", "w"); 1820 if (f) { 1821 fprintf(f, "%s", fqdn); 1822 fclose(f); 1823 } 1824 xml_node_get_text_free(ctx->xml, fqdn); 1825 return 0; 1826 } 1827 1828 xml_node_get_text_free(ctx->xml, fqdn); 1829 return -1; 1830} 1831 1832 1833static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname, 1834 const char *out_fname, const char *urn, int use_path) 1835{ 1836 xml_node_t *mo, *node; 1837 1838 mo = node_from_file(ctx->xml, in_fname); 1839 if (mo == NULL) { 1840 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname); 1841 return; 1842 } 1843 1844 node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL); 1845 if (node) { 1846 node_to_file(ctx->xml, out_fname, node); 1847 xml_node_free(ctx->xml, node); 1848 } 1849 1850 xml_node_free(ctx->xml, mo); 1851} 1852 1853 1854static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname, 1855 const char *out_fname) 1856{ 1857 xml_node_t *tnds, *mo; 1858 1859 tnds = node_from_file(ctx->xml, in_fname); 1860 if (tnds == NULL) { 1861 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname); 1862 return; 1863 } 1864 1865 mo = tnds_to_mo(ctx->xml, tnds); 1866 if (mo) { 1867 node_to_file(ctx->xml, out_fname, mo); 1868 xml_node_free(ctx->xml, mo); 1869 } 1870 1871 xml_node_free(ctx->xml, tnds); 1872} 1873 1874 1875struct osu_icon { 1876 int id; 1877 char lang[4]; 1878 char mime_type[256]; 1879 char filename[256]; 1880}; 1881 1882struct osu_data { 1883 char bssid[20]; 1884 char url[256]; 1885 unsigned int methods; 1886 char osu_ssid[33]; 1887 char osu_nai[256]; 1888 struct osu_lang_text friendly_name[MAX_OSU_VALS]; 1889 size_t friendly_name_count; 1890 struct osu_lang_text serv_desc[MAX_OSU_VALS]; 1891 size_t serv_desc_count; 1892 struct osu_icon icon[MAX_OSU_VALS]; 1893 size_t icon_count; 1894}; 1895 1896 1897static struct osu_data * parse_osu_providers(const char *fname, size_t *count) 1898{ 1899 FILE *f; 1900 char buf[1000]; 1901 struct osu_data *osu = NULL, *last = NULL; 1902 size_t osu_count = 0; 1903 char *pos, *end; 1904 1905 f = fopen(fname, "r"); 1906 if (f == NULL) { 1907 wpa_printf(MSG_ERROR, "Could not open %s", fname); 1908 return NULL; 1909 } 1910 1911 while (fgets(buf, sizeof(buf), f)) { 1912 pos = strchr(buf, '\n'); 1913 if (pos) 1914 *pos = '\0'; 1915 1916 if (strncmp(buf, "OSU-PROVIDER ", 13) == 0) { 1917 last = realloc(osu, (osu_count + 1) * sizeof(*osu)); 1918 if (last == NULL) 1919 break; 1920 osu = last; 1921 last = &osu[osu_count++]; 1922 memset(last, 0, sizeof(*last)); 1923 snprintf(last->bssid, sizeof(last->bssid), "%s", 1924 buf + 13); 1925 continue; 1926 } 1927 if (!last) 1928 continue; 1929 1930 if (strncmp(buf, "uri=", 4) == 0) { 1931 snprintf(last->url, sizeof(last->url), "%s", buf + 4); 1932 continue; 1933 } 1934 1935 if (strncmp(buf, "methods=", 8) == 0) { 1936 last->methods = strtol(buf + 8, NULL, 16); 1937 continue; 1938 } 1939 1940 if (strncmp(buf, "osu_ssid=", 9) == 0) { 1941 snprintf(last->osu_ssid, sizeof(last->osu_ssid), 1942 "%s", buf + 9); 1943 continue; 1944 } 1945 1946 if (os_strncmp(buf, "osu_nai=", 8) == 0) { 1947 os_snprintf(last->osu_nai, sizeof(last->osu_nai), 1948 "%s", buf + 8); 1949 continue; 1950 } 1951 1952 if (strncmp(buf, "friendly_name=", 14) == 0) { 1953 struct osu_lang_text *txt; 1954 if (last->friendly_name_count == MAX_OSU_VALS) 1955 continue; 1956 pos = strchr(buf + 14, ':'); 1957 if (pos == NULL) 1958 continue; 1959 *pos++ = '\0'; 1960 txt = &last->friendly_name[last->friendly_name_count++]; 1961 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 14); 1962 snprintf(txt->text, sizeof(txt->text), "%s", pos); 1963 } 1964 1965 if (strncmp(buf, "desc=", 5) == 0) { 1966 struct osu_lang_text *txt; 1967 if (last->serv_desc_count == MAX_OSU_VALS) 1968 continue; 1969 pos = strchr(buf + 5, ':'); 1970 if (pos == NULL) 1971 continue; 1972 *pos++ = '\0'; 1973 txt = &last->serv_desc[last->serv_desc_count++]; 1974 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 5); 1975 snprintf(txt->text, sizeof(txt->text), "%s", pos); 1976 } 1977 1978 if (strncmp(buf, "icon=", 5) == 0) { 1979 struct osu_icon *icon; 1980 if (last->icon_count == MAX_OSU_VALS) 1981 continue; 1982 icon = &last->icon[last->icon_count++]; 1983 icon->id = atoi(buf + 5); 1984 pos = strchr(buf, ':'); 1985 if (pos == NULL) 1986 continue; 1987 pos = strchr(pos + 1, ':'); 1988 if (pos == NULL) 1989 continue; 1990 pos = strchr(pos + 1, ':'); 1991 if (pos == NULL) 1992 continue; 1993 pos++; 1994 end = strchr(pos, ':'); 1995 if (!end) 1996 continue; 1997 *end = '\0'; 1998 snprintf(icon->lang, sizeof(icon->lang), "%s", pos); 1999 pos = end + 1; 2000 2001 end = strchr(pos, ':'); 2002 if (end) 2003 *end = '\0'; 2004 snprintf(icon->mime_type, sizeof(icon->mime_type), 2005 "%s", pos); 2006 if (!pos) 2007 continue; 2008 pos = end + 1; 2009 2010 end = strchr(pos, ':'); 2011 if (end) 2012 *end = '\0'; 2013 snprintf(icon->filename, sizeof(icon->filename), 2014 "%s", pos); 2015 continue; 2016 } 2017 } 2018 2019 fclose(f); 2020 2021 *count = osu_count; 2022 return osu; 2023} 2024 2025 2026static int osu_connect(struct hs20_osu_client *ctx, const char *bssid, 2027 const char *ssid, const char *url, 2028 unsigned int methods, int no_prod_assoc, 2029 const char *osu_nai) 2030{ 2031 int id; 2032 const char *ifname = ctx->ifname; 2033 char buf[200]; 2034 struct wpa_ctrl *mon; 2035 int res; 2036 2037 id = add_network(ifname); 2038 if (id < 0) 2039 return -1; 2040 if (set_network_quoted(ifname, id, "ssid", ssid) < 0) 2041 return -1; 2042 if (osu_nai && os_strlen(osu_nai) > 0) { 2043 char dir[255], fname[300]; 2044 if (getcwd(dir, sizeof(dir)) == NULL) 2045 return -1; 2046 os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir); 2047 2048 if (set_network(ifname, id, "proto", "OSEN") < 0 || 2049 set_network(ifname, id, "key_mgmt", "OSEN") < 0 || 2050 set_network(ifname, id, "pairwise", "CCMP") < 0 || 2051 set_network(ifname, id, "group", "GTK_NOT_USED") < 0 || 2052 set_network(ifname, id, "eap", "WFA-UNAUTH-TLS") < 0 || 2053 set_network(ifname, id, "ocsp", "2") < 0 || 2054 set_network_quoted(ifname, id, "identity", osu_nai) < 0 || 2055 set_network_quoted(ifname, id, "ca_cert", fname) < 0) 2056 return -1; 2057 } else { 2058 if (set_network(ifname, id, "key_mgmt", "NONE") < 0) 2059 return -1; 2060 } 2061 2062 mon = open_wpa_mon(ifname); 2063 if (mon == NULL) 2064 return -1; 2065 2066 wpa_printf(MSG_INFO, "Associate with OSU SSID"); 2067 write_summary(ctx, "Associate with OSU SSID"); 2068 snprintf(buf, sizeof(buf), "SELECT_NETWORK %d", id); 2069 if (wpa_command(ifname, buf) < 0) 2070 return -1; 2071 2072 res = get_wpa_cli_event(mon, "CTRL-EVENT-CONNECTED", 2073 buf, sizeof(buf)); 2074 2075 wpa_ctrl_detach(mon); 2076 wpa_ctrl_close(mon); 2077 2078 if (res < 0) { 2079 wpa_printf(MSG_INFO, "Could not connect"); 2080 write_summary(ctx, "Could not connect to OSU network"); 2081 wpa_printf(MSG_INFO, "Remove OSU network connection"); 2082 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id); 2083 wpa_command(ifname, buf); 2084 return -1; 2085 } 2086 2087 write_summary(ctx, "Waiting for IP address for subscription registration"); 2088 if (wait_ip_addr(ifname, 15) < 0) { 2089 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway"); 2090 } 2091 2092 if (no_prod_assoc) { 2093 if (res < 0) 2094 return -1; 2095 wpa_printf(MSG_INFO, "No production connection used for testing purposes"); 2096 write_summary(ctx, "No production connection used for testing purposes"); 2097 return 0; 2098 } 2099 2100 ctx->no_reconnect = 1; 2101 if (methods & 0x02) { 2102 wpa_printf(MSG_DEBUG, "Calling cmd_prov from osu_connect"); 2103 res = cmd_prov(ctx, url); 2104 } else if (methods & 0x01) { 2105 wpa_printf(MSG_DEBUG, 2106 "Calling cmd_oma_dm_prov from osu_connect"); 2107 res = cmd_oma_dm_prov(ctx, url); 2108 } 2109 2110 wpa_printf(MSG_INFO, "Remove OSU network connection"); 2111 write_summary(ctx, "Remove OSU network connection"); 2112 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id); 2113 wpa_command(ifname, buf); 2114 2115 if (res < 0) 2116 return -1; 2117 2118 wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration"); 2119 write_summary(ctx, "Requesting reconnection with updated configuration"); 2120 if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) { 2121 wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect"); 2122 write_summary(ctx, "Failed to request wpa_supplicant to reconnect"); 2123 return -1; 2124 } 2125 2126 return 0; 2127} 2128 2129 2130static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir, 2131 int connect, int no_prod_assoc, 2132 const char *friendly_name) 2133{ 2134 char fname[255]; 2135 FILE *f; 2136 struct osu_data *osu = NULL, *last = NULL; 2137 size_t osu_count = 0, i, j; 2138 int ret; 2139 2140 write_summary(ctx, "OSU provider selection"); 2141 2142 if (dir == NULL) { 2143 wpa_printf(MSG_INFO, "Missing dir parameter to osu_select"); 2144 return -1; 2145 } 2146 2147 snprintf(fname, sizeof(fname), "%s/osu-providers.txt", dir); 2148 osu = parse_osu_providers(fname, &osu_count); 2149 if (osu == NULL) { 2150 wpa_printf(MSG_INFO, "Could not find any OSU providers from %s", 2151 fname); 2152 write_result(ctx, "No OSU providers available"); 2153 return -1; 2154 } 2155 2156 if (friendly_name) { 2157 for (i = 0; i < osu_count; i++) { 2158 last = &osu[i]; 2159 for (j = 0; j < last->friendly_name_count; j++) { 2160 if (os_strcmp(last->friendly_name[j].text, 2161 friendly_name) == 0) 2162 break; 2163 } 2164 if (j < last->friendly_name_count) 2165 break; 2166 } 2167 if (i == osu_count) { 2168 wpa_printf(MSG_INFO, "Requested operator friendly name '%s' not found in the list of available providers", 2169 friendly_name); 2170 write_summary(ctx, "Requested operator friendly name '%s' not found in the list of available providers", 2171 friendly_name); 2172 free(osu); 2173 return -1; 2174 } 2175 2176 wpa_printf(MSG_INFO, "OSU Provider selected based on requested operator friendly name '%s'", 2177 friendly_name); 2178 write_summary(ctx, "OSU Provider selected based on requested operator friendly name '%s'", 2179 friendly_name); 2180 ret = i + 1; 2181 goto selected; 2182 } 2183 2184 snprintf(fname, sizeof(fname), "%s/osu-providers.html", dir); 2185 f = fopen(fname, "w"); 2186 if (f == NULL) { 2187 wpa_printf(MSG_INFO, "Could not open %s", fname); 2188 free(osu); 2189 return -1; 2190 } 2191 2192 fprintf(f, "<html><head>" 2193 "<meta http-equiv=\"Content-type\" content=\"text/html; " 2194 "charset=utf-8\"<title>Select service operator</title>" 2195 "</head><body><h1>Select service operator</h1>\n"); 2196 2197 if (osu_count == 0) 2198 fprintf(f, "No online signup available\n"); 2199 2200 for (i = 0; i < osu_count; i++) { 2201 last = &osu[i]; 2202#ifdef ANDROID 2203 fprintf(f, "<p>\n" 2204 "<a href=\"http://localhost:12345/osu/%d\">" 2205 "<table><tr><td>", (int) i + 1); 2206#else /* ANDROID */ 2207 fprintf(f, "<p>\n" 2208 "<a href=\"osu://%d\">" 2209 "<table><tr><td>", (int) i + 1); 2210#endif /* ANDROID */ 2211 for (j = 0; j < last->icon_count; j++) { 2212 fprintf(f, "<img src=\"osu-icon-%d.%s\">\n", 2213 last->icon[j].id, 2214 strcasecmp(last->icon[j].mime_type, 2215 "image/png") == 0 ? "png" : "icon"); 2216 } 2217 fprintf(f, "<td>"); 2218 for (j = 0; j < last->friendly_name_count; j++) { 2219 fprintf(f, "<small>[%s]</small> %s<br>\n", 2220 last->friendly_name[j].lang, 2221 last->friendly_name[j].text); 2222 } 2223 fprintf(f, "<tr><td colspan=2>"); 2224 for (j = 0; j < last->serv_desc_count; j++) { 2225 fprintf(f, "<small>[%s]</small> %s<br>\n", 2226 last->serv_desc[j].lang, 2227 last->serv_desc[j].text); 2228 } 2229 fprintf(f, "</table></a><br><small>BSSID: %s<br>\n" 2230 "SSID: %s<br>\n", 2231 last->bssid, last->osu_ssid); 2232 if (last->osu_nai[0]) 2233 fprintf(f, "NAI: %s<br>\n", last->osu_nai); 2234 fprintf(f, "URL: %s<br>\n" 2235 "methods:%s%s<br>\n" 2236 "</small></p>\n", 2237 last->url, 2238 last->methods & 0x01 ? " OMA-DM" : "", 2239 last->methods & 0x02 ? " SOAP-XML-SPP" : ""); 2240 } 2241 2242 fprintf(f, "</body></html>\n"); 2243 2244 fclose(f); 2245 2246 snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir); 2247 write_summary(ctx, "Start web browser with OSU provider selection page"); 2248 ret = hs20_web_browser(fname); 2249 2250selected: 2251 if (ret > 0 && (size_t) ret <= osu_count) { 2252 char *data; 2253 size_t data_len; 2254 2255 wpa_printf(MSG_INFO, "Selected OSU id=%d", ret); 2256 last = &osu[ret - 1]; 2257 ret = 0; 2258 wpa_printf(MSG_INFO, "BSSID: %s", last->bssid); 2259 wpa_printf(MSG_INFO, "SSID: %s", last->osu_ssid); 2260 wpa_printf(MSG_INFO, "URL: %s", last->url); 2261 write_summary(ctx, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s", 2262 ret, last->bssid, last->osu_ssid, last->url); 2263 2264 ctx->friendly_name_count = last->friendly_name_count; 2265 for (j = 0; j < last->friendly_name_count; j++) { 2266 wpa_printf(MSG_INFO, "FRIENDLY_NAME: [%s]%s", 2267 last->friendly_name[j].lang, 2268 last->friendly_name[j].text); 2269 os_strlcpy(ctx->friendly_name[j].lang, 2270 last->friendly_name[j].lang, 2271 sizeof(ctx->friendly_name[j].lang)); 2272 os_strlcpy(ctx->friendly_name[j].text, 2273 last->friendly_name[j].text, 2274 sizeof(ctx->friendly_name[j].text)); 2275 } 2276 2277 ctx->icon_count = last->icon_count; 2278 for (j = 0; j < last->icon_count; j++) { 2279 char fname[256]; 2280 2281 os_snprintf(fname, sizeof(fname), "%s/osu-icon-%d.%s", 2282 dir, last->icon[j].id, 2283 strcasecmp(last->icon[j].mime_type, 2284 "image/png") == 0 ? 2285 "png" : "icon"); 2286 wpa_printf(MSG_INFO, "ICON: %s (%s)", 2287 fname, last->icon[j].filename); 2288 os_strlcpy(ctx->icon_filename[j], 2289 last->icon[j].filename, 2290 sizeof(ctx->icon_filename[j])); 2291 2292 data = os_readfile(fname, &data_len); 2293 if (data) { 2294 sha256_vector(1, (const u8 **) &data, &data_len, 2295 ctx->icon_hash[j]); 2296 os_free(data); 2297 } 2298 } 2299 2300 if (connect == 2) { 2301 if (last->methods & 0x02) { 2302 wpa_printf(MSG_DEBUG, 2303 "Calling cmd_prov from cmd_osu_select"); 2304 ret = cmd_prov(ctx, last->url); 2305 } else if (last->methods & 0x01) { 2306 wpa_printf(MSG_DEBUG, 2307 "Calling cmd_oma_dm_prov from cmd_osu_select"); 2308 ret = cmd_oma_dm_prov(ctx, last->url); 2309 } else { 2310 wpa_printf(MSG_DEBUG, 2311 "No supported OSU provisioning method"); 2312 ret = -1; 2313 } 2314 } else if (connect) 2315 ret = osu_connect(ctx, last->bssid, last->osu_ssid, 2316 last->url, last->methods, 2317 no_prod_assoc, last->osu_nai); 2318 } else 2319 ret = -1; 2320 2321 free(osu); 2322 2323 return ret; 2324} 2325 2326 2327static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc, 2328 const char *friendly_name) 2329{ 2330 char dir[255]; 2331 char fname[300], buf[400]; 2332 struct wpa_ctrl *mon; 2333 const char *ifname; 2334 int res; 2335 2336 ifname = ctx->ifname; 2337 2338 if (getcwd(dir, sizeof(dir)) == NULL) 2339 return -1; 2340 2341 snprintf(fname, sizeof(fname), "%s/osu-info", dir); 2342 if (mkdir(fname, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) < 0 && 2343 errno != EEXIST) { 2344 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s", 2345 fname, strerror(errno)); 2346 return -1; 2347 } 2348 2349#ifdef ANDROID 2350 /* Allow processes running with Group ID as AID_WIFI 2351 * to read/write files from osu-info directory 2352 */ 2353 if (chown(fname, -1, AID_WIFI)) { 2354 wpa_printf(MSG_INFO, "Could not chown osu-info directory: %s", 2355 strerror(errno)); 2356 } 2357#endif /* ANDROID */ 2358 2359 snprintf(buf, sizeof(buf), "SET osu_dir %s", fname); 2360 if (wpa_command(ifname, buf) < 0) { 2361 wpa_printf(MSG_INFO, "Failed to configure osu_dir to wpa_supplicant"); 2362 return -1; 2363 } 2364 2365 mon = open_wpa_mon(ifname); 2366 if (mon == NULL) 2367 return -1; 2368 2369 wpa_printf(MSG_INFO, "Starting OSU fetch"); 2370 write_summary(ctx, "Starting OSU provider information fetch"); 2371 if (wpa_command(ifname, "FETCH_OSU") < 0) { 2372 wpa_printf(MSG_INFO, "Could not start OSU fetch"); 2373 wpa_ctrl_detach(mon); 2374 wpa_ctrl_close(mon); 2375 return -1; 2376 } 2377 res = get_wpa_cli_event(mon, "OSU provider fetch completed", 2378 buf, sizeof(buf)); 2379 2380 wpa_ctrl_detach(mon); 2381 wpa_ctrl_close(mon); 2382 2383 if (res < 0) { 2384 wpa_printf(MSG_INFO, "OSU fetch did not complete"); 2385 write_summary(ctx, "OSU fetch did not complete"); 2386 return -1; 2387 } 2388 wpa_printf(MSG_INFO, "OSU provider fetch completed"); 2389 2390 return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name); 2391} 2392 2393 2394static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address, 2395 const char *pps_fname, const char *ca_fname) 2396{ 2397 xml_node_t *pps, *node; 2398 char pps_fname_buf[300]; 2399 char ca_fname_buf[200]; 2400 char *cred_username = NULL; 2401 char *cred_password = NULL; 2402 char *sub_rem_uri = NULL; 2403 char client_cert_buf[200]; 2404 char *client_cert = NULL; 2405 char client_key_buf[200]; 2406 char *client_key = NULL; 2407 int spp; 2408 2409 wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s", 2410 address); 2411 2412 if (!pps_fname) { 2413 char buf[256]; 2414 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information"); 2415 if (os_strncmp(address, "fqdn=", 5) == 0) { 2416 wpa_printf(MSG_INFO, "Use requested FQDN from command line"); 2417 os_snprintf(buf, sizeof(buf), "%s", address + 5); 2418 address = NULL; 2419 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf, 2420 sizeof(buf)) < 0) { 2421 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant"); 2422 return -1; 2423 } 2424 os_free(ctx->fqdn); 2425 ctx->fqdn = os_strdup(buf); 2426 if (ctx->fqdn == NULL) 2427 return -1; 2428 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s", 2429 buf); 2430 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf), 2431 "SP/%s/pps.xml", ctx->fqdn); 2432 pps_fname = pps_fname_buf; 2433 2434 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem", 2435 ctx->fqdn); 2436 ca_fname = ca_fname_buf; 2437 } 2438 2439 if (!os_file_exists(pps_fname)) { 2440 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible", 2441 pps_fname); 2442 return -1; 2443 } 2444 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname); 2445 2446 if (ca_fname && !os_file_exists(ca_fname)) { 2447 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible", 2448 ca_fname); 2449 return -1; 2450 } 2451 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname); 2452 ctx->ca_fname = ca_fname; 2453 2454 pps = node_from_file(ctx->xml, pps_fname); 2455 if (pps == NULL) { 2456 wpa_printf(MSG_INFO, "Could not read PPS MO"); 2457 return -1; 2458 } 2459 2460 if (!ctx->fqdn) { 2461 char *tmp; 2462 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN"); 2463 if (node == NULL) { 2464 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS"); 2465 return -1; 2466 } 2467 tmp = xml_node_get_text(ctx->xml, node); 2468 if (tmp == NULL) { 2469 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS"); 2470 return -1; 2471 } 2472 ctx->fqdn = os_strdup(tmp); 2473 xml_node_get_text_free(ctx->xml, tmp); 2474 if (!ctx->fqdn) { 2475 wpa_printf(MSG_INFO, "No FQDN known"); 2476 return -1; 2477 } 2478 } 2479 2480 node = get_child_node(ctx->xml, pps, 2481 "SubscriptionUpdate/UpdateMethod"); 2482 if (node) { 2483 char *tmp; 2484 tmp = xml_node_get_text(ctx->xml, node); 2485 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0) 2486 spp = 0; 2487 else 2488 spp = 1; 2489 } else { 2490 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP"); 2491 spp = 1; 2492 } 2493 2494 get_user_pw(ctx, pps, "SubscriptionUpdate/UsernamePassword", 2495 &cred_username, &cred_password); 2496 if (cred_username) 2497 wpa_printf(MSG_INFO, "Using username: %s", cred_username); 2498 if (cred_password) 2499 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password); 2500 2501 if (cred_username == NULL && cred_password == NULL && 2502 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) { 2503 wpa_printf(MSG_INFO, "Using client certificate"); 2504 os_snprintf(client_cert_buf, sizeof(client_cert_buf), 2505 "SP/%s/client-cert.pem", ctx->fqdn); 2506 client_cert = client_cert_buf; 2507 os_snprintf(client_key_buf, sizeof(client_key_buf), 2508 "SP/%s/client-key.pem", ctx->fqdn); 2509 client_key = client_key_buf; 2510 ctx->client_cert_present = 1; 2511 } 2512 2513 node = get_child_node(ctx->xml, pps, "SubscriptionUpdate/URI"); 2514 if (node) { 2515 sub_rem_uri = xml_node_get_text(ctx->xml, node); 2516 if (sub_rem_uri && 2517 (!address || os_strcmp(address, sub_rem_uri) != 0)) { 2518 wpa_printf(MSG_INFO, "Override sub rem URI based on PPS: %s", 2519 sub_rem_uri); 2520 address = sub_rem_uri; 2521 } 2522 } 2523 if (!address) { 2524 wpa_printf(MSG_INFO, "Server URL not known"); 2525 return -1; 2526 } 2527 2528 write_summary(ctx, "Wait for IP address for subscriptiom remediation"); 2529 wpa_printf(MSG_INFO, "Wait for IP address before starting subscription remediation"); 2530 2531 if (wait_ip_addr(ctx->ifname, 15) < 0) { 2532 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway"); 2533 } 2534 2535 if (spp) 2536 spp_sub_rem(ctx, address, pps_fname, 2537 client_cert, client_key, 2538 cred_username, cred_password, pps); 2539 else 2540 oma_dm_sub_rem(ctx, address, pps_fname, 2541 client_cert, client_key, 2542 cred_username, cred_password, pps); 2543 2544 xml_node_get_text_free(ctx->xml, sub_rem_uri); 2545 xml_node_get_text_free(ctx->xml, cred_username); 2546 str_clear_free(cred_password); 2547 xml_node_free(ctx->xml, pps); 2548 return 0; 2549} 2550 2551 2552static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address, 2553 const char *pps_fname, const char *ca_fname) 2554{ 2555 xml_node_t *pps; 2556 xml_node_t *node; 2557 char pps_fname_buf[300]; 2558 char ca_fname_buf[200]; 2559 char *uri = NULL; 2560 char *cred_username = NULL; 2561 char *cred_password = NULL; 2562 char client_cert_buf[200]; 2563 char *client_cert = NULL; 2564 char client_key_buf[200]; 2565 char *client_key = NULL; 2566 int spp; 2567 2568 wpa_printf(MSG_INFO, "Policy update requested"); 2569 2570 if (!pps_fname) { 2571 char buf[256]; 2572 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information"); 2573 if (address && os_strncmp(address, "fqdn=", 5) == 0) { 2574 wpa_printf(MSG_INFO, "Use requested FQDN from command line"); 2575 os_snprintf(buf, sizeof(buf), "%s", address + 5); 2576 address = NULL; 2577 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf, 2578 sizeof(buf)) < 0) { 2579 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant"); 2580 return -1; 2581 } 2582 os_free(ctx->fqdn); 2583 ctx->fqdn = os_strdup(buf); 2584 if (ctx->fqdn == NULL) 2585 return -1; 2586 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s", 2587 buf); 2588 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf), 2589 "SP/%s/pps.xml", ctx->fqdn); 2590 pps_fname = pps_fname_buf; 2591 2592 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem", 2593 buf); 2594 ca_fname = ca_fname_buf; 2595 } 2596 2597 if (!os_file_exists(pps_fname)) { 2598 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible", 2599 pps_fname); 2600 return -1; 2601 } 2602 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname); 2603 2604 if (ca_fname && !os_file_exists(ca_fname)) { 2605 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible", 2606 ca_fname); 2607 return -1; 2608 } 2609 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname); 2610 ctx->ca_fname = ca_fname; 2611 2612 pps = node_from_file(ctx->xml, pps_fname); 2613 if (pps == NULL) { 2614 wpa_printf(MSG_INFO, "Could not read PPS MO"); 2615 return -1; 2616 } 2617 2618 if (!ctx->fqdn) { 2619 char *tmp; 2620 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN"); 2621 if (node == NULL) { 2622 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS"); 2623 return -1; 2624 } 2625 tmp = xml_node_get_text(ctx->xml, node); 2626 if (tmp == NULL) { 2627 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS"); 2628 return -1; 2629 } 2630 ctx->fqdn = os_strdup(tmp); 2631 xml_node_get_text_free(ctx->xml, tmp); 2632 if (!ctx->fqdn) { 2633 wpa_printf(MSG_INFO, "No FQDN known"); 2634 return -1; 2635 } 2636 } 2637 2638 node = get_child_node(ctx->xml, pps, 2639 "Policy/PolicyUpdate/UpdateMethod"); 2640 if (node) { 2641 char *tmp; 2642 tmp = xml_node_get_text(ctx->xml, node); 2643 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0) 2644 spp = 0; 2645 else 2646 spp = 1; 2647 } else { 2648 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP"); 2649 spp = 1; 2650 } 2651 2652 get_user_pw(ctx, pps, "Policy/PolicyUpdate/UsernamePassword", 2653 &cred_username, &cred_password); 2654 if (cred_username) 2655 wpa_printf(MSG_INFO, "Using username: %s", cred_username); 2656 if (cred_password) 2657 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password); 2658 2659 if (cred_username == NULL && cred_password == NULL && 2660 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) { 2661 wpa_printf(MSG_INFO, "Using client certificate"); 2662 os_snprintf(client_cert_buf, sizeof(client_cert_buf), 2663 "SP/%s/client-cert.pem", ctx->fqdn); 2664 client_cert = client_cert_buf; 2665 os_snprintf(client_key_buf, sizeof(client_key_buf), 2666 "SP/%s/client-key.pem", ctx->fqdn); 2667 client_key = client_key_buf; 2668 } 2669 2670 if (!address) { 2671 node = get_child_node(ctx->xml, pps, "Policy/PolicyUpdate/URI"); 2672 if (node) { 2673 uri = xml_node_get_text(ctx->xml, node); 2674 wpa_printf(MSG_INFO, "URI based on PPS: %s", uri); 2675 address = uri; 2676 } 2677 } 2678 if (!address) { 2679 wpa_printf(MSG_INFO, "Server URL not known"); 2680 return -1; 2681 } 2682 2683 if (spp) 2684 spp_pol_upd(ctx, address, pps_fname, 2685 client_cert, client_key, 2686 cred_username, cred_password, pps); 2687 else 2688 oma_dm_pol_upd(ctx, address, pps_fname, 2689 client_cert, client_key, 2690 cred_username, cred_password, pps); 2691 2692 xml_node_get_text_free(ctx->xml, uri); 2693 xml_node_get_text_free(ctx->xml, cred_username); 2694 str_clear_free(cred_password); 2695 xml_node_free(ctx->xml, pps); 2696 2697 return 0; 2698} 2699 2700 2701static char * get_hostname(const char *url) 2702{ 2703 const char *pos, *end, *end2; 2704 char *ret; 2705 2706 if (url == NULL) 2707 return NULL; 2708 2709 pos = os_strchr(url, '/'); 2710 if (pos == NULL) 2711 return NULL; 2712 pos++; 2713 if (*pos != '/') 2714 return NULL; 2715 pos++; 2716 2717 end = os_strchr(pos, '/'); 2718 end2 = os_strchr(pos, ':'); 2719 if ((end && end2 && end2 < end) || (!end && end2)) 2720 end = end2; 2721 if (end) 2722 end--; 2723 else { 2724 end = pos; 2725 while (*end) 2726 end++; 2727 if (end > pos) 2728 end--; 2729 } 2730 2731 ret = os_malloc(end - pos + 2); 2732 if (ret == NULL) 2733 return NULL; 2734 2735 os_memcpy(ret, pos, end - pos + 1); 2736 ret[end - pos + 1] = '\0'; 2737 2738 return ret; 2739} 2740 2741 2742static int osu_cert_cb(void *_ctx, struct http_cert *cert) 2743{ 2744 struct hs20_osu_client *ctx = _ctx; 2745 unsigned int i, j; 2746 int found; 2747 char *host = NULL; 2748 2749 wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d, url=%s)", 2750 !ctx->no_osu_cert_validation, ctx->server_url); 2751 2752 host = get_hostname(ctx->server_url); 2753 2754 for (i = 0; i < ctx->server_dnsname_count; i++) 2755 os_free(ctx->server_dnsname[i]); 2756 os_free(ctx->server_dnsname); 2757 ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *)); 2758 ctx->server_dnsname_count = 0; 2759 2760 found = 0; 2761 for (i = 0; i < cert->num_dnsname; i++) { 2762 if (ctx->server_dnsname) { 2763 ctx->server_dnsname[ctx->server_dnsname_count] = 2764 os_strdup(cert->dnsname[i]); 2765 if (ctx->server_dnsname[ctx->server_dnsname_count]) 2766 ctx->server_dnsname_count++; 2767 } 2768 if (host && os_strcasecmp(host, cert->dnsname[i]) == 0) 2769 found = 1; 2770 wpa_printf(MSG_INFO, "dNSName '%s'", cert->dnsname[i]); 2771 } 2772 2773 if (host && !found) { 2774 wpa_printf(MSG_INFO, "Server name from URL (%s) did not match any dNSName - abort connection", 2775 host); 2776 write_result(ctx, "Server name from URL (%s) did not match any dNSName - abort connection", 2777 host); 2778 os_free(host); 2779 return -1; 2780 } 2781 2782 os_free(host); 2783 2784 for (i = 0; i < cert->num_othername; i++) { 2785 if (os_strcmp(cert->othername[i].oid, 2786 "1.3.6.1.4.1.40808.1.1.1") == 0) { 2787 wpa_hexdump_ascii(MSG_INFO, 2788 "id-wfa-hotspot-friendlyName", 2789 cert->othername[i].data, 2790 cert->othername[i].len); 2791 } 2792 } 2793 2794 for (j = 0; !ctx->no_osu_cert_validation && 2795 j < ctx->friendly_name_count; j++) { 2796 int found = 0; 2797 for (i = 0; i < cert->num_othername; i++) { 2798 if (os_strcmp(cert->othername[i].oid, 2799 "1.3.6.1.4.1.40808.1.1.1") != 0) 2800 continue; 2801 if (cert->othername[i].len < 3) 2802 continue; 2803 if (os_strncasecmp((char *) cert->othername[i].data, 2804 ctx->friendly_name[j].lang, 3) != 0) 2805 continue; 2806 if (os_strncmp((char *) cert->othername[i].data + 3, 2807 ctx->friendly_name[j].text, 2808 cert->othername[i].len - 3) == 0) { 2809 found = 1; 2810 break; 2811 } 2812 } 2813 2814 if (!found) { 2815 wpa_printf(MSG_INFO, "No friendly name match found for '[%s]%s'", 2816 ctx->friendly_name[j].lang, 2817 ctx->friendly_name[j].text); 2818 write_result(ctx, "No friendly name match found for '[%s]%s'", 2819 ctx->friendly_name[j].lang, 2820 ctx->friendly_name[j].text); 2821 return -1; 2822 } 2823 } 2824 2825 for (i = 0; i < cert->num_logo; i++) { 2826 struct http_logo *logo = &cert->logo[i]; 2827 2828 wpa_printf(MSG_INFO, "logo hash alg %s uri '%s'", 2829 logo->alg_oid, logo->uri); 2830 wpa_hexdump_ascii(MSG_INFO, "hashValue", 2831 logo->hash, logo->hash_len); 2832 } 2833 2834 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) { 2835 int found = 0; 2836 char *name = ctx->icon_filename[j]; 2837 size_t name_len = os_strlen(name); 2838 2839 wpa_printf(MSG_INFO, 2840 "[%i] Looking for icon file name '%s' match", 2841 j, name); 2842 for (i = 0; i < cert->num_logo; i++) { 2843 struct http_logo *logo = &cert->logo[i]; 2844 size_t uri_len = os_strlen(logo->uri); 2845 char *pos; 2846 2847 wpa_printf(MSG_INFO, 2848 "[%i] Comparing to '%s' uri_len=%d name_len=%d", 2849 i, logo->uri, (int) uri_len, (int) name_len); 2850 if (uri_len < 1 + name_len) { 2851 wpa_printf(MSG_INFO, "URI Length is too short"); 2852 continue; 2853 } 2854 pos = &logo->uri[uri_len - name_len - 1]; 2855 if (*pos != '/') 2856 continue; 2857 pos++; 2858 if (os_strcmp(pos, name) == 0) { 2859 found = 1; 2860 break; 2861 } 2862 } 2863 2864 if (!found) { 2865 wpa_printf(MSG_INFO, "No icon filename match found for '%s'", 2866 name); 2867 write_result(ctx, 2868 "No icon filename match found for '%s'", 2869 name); 2870 return -1; 2871 } 2872 } 2873 2874 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) { 2875 int found = 0; 2876 2877 for (i = 0; i < cert->num_logo; i++) { 2878 struct http_logo *logo = &cert->logo[i]; 2879 2880 if (logo->hash_len != 32) { 2881 wpa_printf(MSG_INFO, 2882 "[%i][%i] Icon hash length invalid (should be 32): %d", 2883 j, i, (int) logo->hash_len); 2884 continue; 2885 } 2886 if (os_memcmp(logo->hash, ctx->icon_hash[j], 32) == 0) { 2887 found = 1; 2888 break; 2889 } 2890 2891 wpa_printf(MSG_DEBUG, 2892 "[%u][%u] Icon hash did not match", j, i); 2893 wpa_hexdump_ascii(MSG_DEBUG, "logo->hash", 2894 logo->hash, 32); 2895 wpa_hexdump_ascii(MSG_DEBUG, "ctx->icon_hash[j]", 2896 ctx->icon_hash[j], 32); 2897 } 2898 2899 if (!found) { 2900 wpa_printf(MSG_INFO, 2901 "No icon hash match (by hash) found"); 2902 write_result(ctx, 2903 "No icon hash match (by hash) found"); 2904 return -1; 2905 } 2906 } 2907 2908 return 0; 2909} 2910 2911 2912static int init_ctx(struct hs20_osu_client *ctx) 2913{ 2914 xml_node_t *devinfo, *devid; 2915 2916 os_memset(ctx, 0, sizeof(*ctx)); 2917 ctx->ifname = "wlan0"; 2918 ctx->xml = xml_node_init_ctx(ctx, NULL); 2919 if (ctx->xml == NULL) 2920 return -1; 2921 2922 devinfo = node_from_file(ctx->xml, "devinfo.xml"); 2923 if (!devinfo) { 2924 wpa_printf(MSG_ERROR, "devinfo.xml not found"); 2925 return -1; 2926 } 2927 2928 devid = get_node(ctx->xml, devinfo, "DevId"); 2929 if (devid) { 2930 char *tmp = xml_node_get_text(ctx->xml, devid); 2931 if (tmp) { 2932 ctx->devid = os_strdup(tmp); 2933 xml_node_get_text_free(ctx->xml, tmp); 2934 } 2935 } 2936 xml_node_free(ctx->xml, devinfo); 2937 2938 if (ctx->devid == NULL) { 2939 wpa_printf(MSG_ERROR, "Could not fetch DevId from devinfo.xml"); 2940 return -1; 2941 } 2942 2943 ctx->http = http_init_ctx(ctx, ctx->xml); 2944 if (ctx->http == NULL) { 2945 xml_node_deinit_ctx(ctx->xml); 2946 return -1; 2947 } 2948 http_ocsp_set(ctx->http, 2); 2949 http_set_cert_cb(ctx->http, osu_cert_cb, ctx); 2950 2951 return 0; 2952} 2953 2954 2955static void deinit_ctx(struct hs20_osu_client *ctx) 2956{ 2957 size_t i; 2958 2959 http_deinit_ctx(ctx->http); 2960 xml_node_deinit_ctx(ctx->xml); 2961 os_free(ctx->fqdn); 2962 os_free(ctx->server_url); 2963 os_free(ctx->devid); 2964 2965 for (i = 0; i < ctx->server_dnsname_count; i++) 2966 os_free(ctx->server_dnsname[i]); 2967 os_free(ctx->server_dnsname); 2968} 2969 2970 2971static void check_workarounds(struct hs20_osu_client *ctx) 2972{ 2973 FILE *f; 2974 char buf[100]; 2975 unsigned long int val = 0; 2976 2977 f = fopen("hs20-osu-client.workarounds", "r"); 2978 if (f == NULL) 2979 return; 2980 2981 if (fgets(buf, sizeof(buf), f)) 2982 val = strtoul(buf, NULL, 16); 2983 2984 fclose(f); 2985 2986 if (val) { 2987 wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val); 2988 ctx->workarounds = val; 2989 if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) 2990 http_ocsp_set(ctx->http, 1); 2991 } 2992} 2993 2994 2995static void usage(void) 2996{ 2997 printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n" 2998 " [-w<wpa_supplicant ctrl_iface dir>] " 2999 "[-r<result file>] [-f<debug file>] \\\n" 3000 " [-s<summary file>] \\\n" 3001 " [-x<spp.xsd file name>] \\\n" 3002 " <command> [arguments..]\n" 3003 "commands:\n" 3004 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n" 3005 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) " 3006 "[URN]>\n" 3007 "- from_tnds <XML MO in TNDS format> <XML MO>\n" 3008 "- set_pps <PerProviderSubscription XML file name>\n" 3009 "- get_fqdn <PerProviderSubscription XML file name>\n" 3010 "- pol_upd [Server URL] [PPS] [CA cert]\n" 3011 "- sub_rem <Server URL> [PPS] [CA cert]\n" 3012 "- prov <Server URL> [CA cert]\n" 3013 "- oma_dm_prov <Server URL> [CA cert]\n" 3014 "- sim_prov <Server URL> [CA cert]\n" 3015 "- oma_dm_sim_prov <Server URL> [CA cert]\n" 3016 "- signup [CA cert]\n" 3017 "- dl_osu_ca <PPS> <CA file>\n" 3018 "- dl_polupd_ca <PPS> <CA file>\n" 3019 "- dl_aaa_ca <PPS> <CA file>\n" 3020 "- browser <URL>\n" 3021 "- parse_cert <X.509 certificate (DER)>\n" 3022 "- osu_select <OSU info directory> [CA cert]\n"); 3023} 3024 3025 3026int main(int argc, char *argv[]) 3027{ 3028 struct hs20_osu_client ctx; 3029 int c; 3030 int ret = 0; 3031 int no_prod_assoc = 0; 3032 const char *friendly_name = NULL; 3033 const char *wpa_debug_file_path = NULL; 3034 extern char *wpas_ctrl_path; 3035 extern int wpa_debug_level; 3036 extern int wpa_debug_show_keys; 3037 extern int wpa_debug_timestamp; 3038 3039 if (init_ctx(&ctx) < 0) 3040 return -1; 3041 3042 for (;;) { 3043 c = getopt(argc, argv, "df:hKNO:qr:s:S:tw:x:"); 3044 if (c < 0) 3045 break; 3046 switch (c) { 3047 case 'd': 3048 if (wpa_debug_level > 0) 3049 wpa_debug_level--; 3050 break; 3051 case 'f': 3052 wpa_debug_file_path = optarg; 3053 break; 3054 case 'K': 3055 wpa_debug_show_keys++; 3056 break; 3057 case 'N': 3058 no_prod_assoc = 1; 3059 break; 3060 case 'O': 3061 friendly_name = optarg; 3062 break; 3063 case 'q': 3064 wpa_debug_level++; 3065 break; 3066 case 'r': 3067 ctx.result_file = optarg; 3068 break; 3069 case 's': 3070 ctx.summary_file = optarg; 3071 break; 3072 case 'S': 3073 ctx.ifname = optarg; 3074 break; 3075 case 't': 3076 wpa_debug_timestamp++; 3077 break; 3078 case 'w': 3079 wpas_ctrl_path = optarg; 3080 break; 3081 case 'x': 3082 spp_xsd_fname = optarg; 3083 break; 3084 case 'h': 3085 default: 3086 usage(); 3087 exit(0); 3088 break; 3089 } 3090 } 3091 3092 if (argc - optind < 1) { 3093 usage(); 3094 exit(0); 3095 } 3096 3097 wpa_debug_open_file(wpa_debug_file_path); 3098 3099#ifdef __linux__ 3100 setlinebuf(stdout); 3101#endif /* __linux__ */ 3102 3103 if (ctx.result_file) 3104 unlink(ctx.result_file); 3105 wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======" 3106 "================", argv[optind]); 3107 check_workarounds(&ctx); 3108 3109 if (strcmp(argv[optind], "to_tnds") == 0) { 3110 if (argc - optind < 2) { 3111 usage(); 3112 exit(0); 3113 } 3114 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2], 3115 argc > optind + 3 ? argv[optind + 3] : NULL, 3116 0); 3117 } else if (strcmp(argv[optind], "to_tnds2") == 0) { 3118 if (argc - optind < 2) { 3119 usage(); 3120 exit(0); 3121 } 3122 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2], 3123 argc > optind + 3 ? argv[optind + 3] : NULL, 3124 1); 3125 } else if (strcmp(argv[optind], "from_tnds") == 0) { 3126 if (argc - optind < 2) { 3127 usage(); 3128 exit(0); 3129 } 3130 cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]); 3131 } else if (strcmp(argv[optind], "sub_rem") == 0) { 3132 if (argc - optind < 2) { 3133 usage(); 3134 exit(0); 3135 } 3136 ret = cmd_sub_rem(&ctx, argv[optind + 1], 3137 argc > optind + 2 ? argv[optind + 2] : NULL, 3138 argc > optind + 3 ? argv[optind + 3] : NULL); 3139 } else if (strcmp(argv[optind], "pol_upd") == 0) { 3140 ret = cmd_pol_upd(&ctx, 3141 argc > optind + 1 ? argv[optind + 1] : NULL, 3142 argc > optind + 2 ? argv[optind + 2] : NULL, 3143 argc > optind + 3 ? argv[optind + 3] : NULL); 3144 } else if (strcmp(argv[optind], "prov") == 0) { 3145 if (argc - optind < 2) { 3146 usage(); 3147 exit(0); 3148 } 3149 ctx.ca_fname = argv[optind + 2]; 3150 wpa_printf(MSG_DEBUG, "Calling cmd_prov from main"); 3151 cmd_prov(&ctx, argv[optind + 1]); 3152 } else if (strcmp(argv[optind], "sim_prov") == 0) { 3153 if (argc - optind < 2) { 3154 usage(); 3155 exit(0); 3156 } 3157 ctx.ca_fname = argv[optind + 2]; 3158 cmd_sim_prov(&ctx, argv[optind + 1]); 3159 } else if (strcmp(argv[optind], "dl_osu_ca") == 0) { 3160 if (argc - optind < 2) { 3161 usage(); 3162 exit(0); 3163 } 3164 cmd_dl_osu_ca(&ctx, argv[optind + 1], argv[optind + 2]); 3165 } else if (strcmp(argv[optind], "dl_polupd_ca") == 0) { 3166 if (argc - optind < 2) { 3167 usage(); 3168 exit(0); 3169 } 3170 cmd_dl_polupd_ca(&ctx, argv[optind + 1], argv[optind + 2]); 3171 } else if (strcmp(argv[optind], "dl_aaa_ca") == 0) { 3172 if (argc - optind < 2) { 3173 usage(); 3174 exit(0); 3175 } 3176 cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]); 3177 } else if (strcmp(argv[optind], "osu_select") == 0) { 3178 if (argc - optind < 2) { 3179 usage(); 3180 exit(0); 3181 } 3182 ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL; 3183 cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL); 3184 } else if (strcmp(argv[optind], "signup") == 0) { 3185 ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL; 3186 ret = cmd_signup(&ctx, no_prod_assoc, friendly_name); 3187 } else if (strcmp(argv[optind], "set_pps") == 0) { 3188 if (argc - optind < 2) { 3189 usage(); 3190 exit(0); 3191 } 3192 cmd_set_pps(&ctx, argv[optind + 1]); 3193 } else if (strcmp(argv[optind], "get_fqdn") == 0) { 3194 if (argc - optind < 1) { 3195 usage(); 3196 exit(0); 3197 } 3198 ret = cmd_get_fqdn(&ctx, argv[optind + 1]); 3199 } else if (strcmp(argv[optind], "oma_dm_prov") == 0) { 3200 if (argc - optind < 2) { 3201 usage(); 3202 exit(0); 3203 } 3204 ctx.ca_fname = argv[optind + 2]; 3205 cmd_oma_dm_prov(&ctx, argv[optind + 1]); 3206 } else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) { 3207 if (argc - optind < 2) { 3208 usage(); 3209 exit(0); 3210 } 3211 ctx.ca_fname = argv[optind + 2]; 3212 if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) { 3213 write_summary(&ctx, "Failed to complete OMA DM SIM provisioning"); 3214 return -1; 3215 } 3216 } else if (strcmp(argv[optind], "oma_dm_add") == 0) { 3217 if (argc - optind < 2) { 3218 usage(); 3219 exit(0); 3220 } 3221 cmd_oma_dm_add(&ctx, argv[optind + 1], argv[optind + 2]); 3222 } else if (strcmp(argv[optind], "oma_dm_replace") == 0) { 3223 if (argc - optind < 2) { 3224 usage(); 3225 exit(0); 3226 } 3227 cmd_oma_dm_replace(&ctx, argv[optind + 1], argv[optind + 2]); 3228 } else if (strcmp(argv[optind], "est_csr") == 0) { 3229 if (argc - optind < 2) { 3230 usage(); 3231 exit(0); 3232 } 3233 mkdir("Cert", S_IRWXU); 3234 est_build_csr(&ctx, argv[optind + 1]); 3235 } else if (strcmp(argv[optind], "browser") == 0) { 3236 int ret; 3237 3238 if (argc - optind < 2) { 3239 usage(); 3240 exit(0); 3241 } 3242 3243 wpa_printf(MSG_INFO, "Launch web browser to URL %s", 3244 argv[optind + 1]); 3245 ret = hs20_web_browser(argv[optind + 1]); 3246 wpa_printf(MSG_INFO, "Web browser result: %d", ret); 3247 } else if (strcmp(argv[optind], "parse_cert") == 0) { 3248 if (argc - optind < 2) { 3249 usage(); 3250 exit(0); 3251 } 3252 3253 wpa_debug_level = MSG_MSGDUMP; 3254 http_parse_x509_certificate(ctx.http, argv[optind + 1]); 3255 wpa_debug_level = MSG_INFO; 3256 } else { 3257 wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]); 3258 } 3259 3260 deinit_ctx(&ctx); 3261 wpa_printf(MSG_DEBUG, 3262 "===[hs20-osu-client END ]======================"); 3263 3264 wpa_debug_close_file(); 3265 3266 return ret; 3267} 3268