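/*
 * Hotspot 2.0 SPP server
 * Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <time.h>
#include <errno.h>
#include <sqlite3.h>

#include "common.h"
#include "base64.h"
#include "md5_i.h"
#include "xml-utils.h"
#include "spp_server.h"


#define SPP_NS_URI "http://www.wi-fi.org/specifications/hotspot2dot0/v1.0/spp"

#define URN_OMA_DM_DEVINFO "urn:oma:mo:oma-dm-devinfo:1.0"
#define URN_OMA_DM_DEVDETAIL "urn:oma:mo:oma-dm-devdetail:1.0"
#define URN_OMA_DM_DMACC "urn:oma:mo:oma-dm-dmacc:1.0"
#define URN_HS20_PPS "urn:wfa:mo:hotspot2dot0-perprovidersubscription:1.0"


/*
 * TODO: timeout to expire sessions
 *
 * In the code below a row in "sessions" (which carries the session password)
 * is only deleted by db_remove_session(); nothing ages rows out.
 */

/* Operation recorded in the "operation" column of a session row. */
enum hs20_session_operation {
	NO_OPERATION,
	UPDATE_PASSWORD,
	CONTINUE_SUBSCRIPTION_REMEDIATION,
	CONTINUE_POLICY_UPDATE,
	USER_REMEDIATION,
	SUBSCRIPTION_REGISTRATION,
	POLICY_REMEDIATION,
	POLICY_UPDATE,
	FREE_REMEDIATION,
};


static char * db_get_session_val(struct hs20_svc *ctx, const char *user,
				 const char *realm, const char *session_id,
				 const char *field);
static char * db_get_osu_config_val(struct hs20_svc *ctx, const char *realm,
				    const char *field);
static xml_node_t * build_policy(struct hs20_svc *ctx, const char *user,
				 const char *realm, int use_dmacc);


/**
 * db_add_session - Insert a new row into the "sessions" table
 * @ctx: Server context; ctx->db is the SQLite handle
 * @user: User name, or %NULL to store an empty string
 * @realm: Realm, or %NULL to store an empty string
 * @sessionid: Session identifier (stored in the "id" column)
 * @pw: Password for the session, or %NULL to store an empty string
 * @redirect_uri: Redirect URI, or %NULL to store an empty string
 * @operation: Operation this session was created for
 * Returns: 0 on success, -1 if the statement could not be built or executed
 *
 * All string values are bound with %Q, so they are quoted and escaped by
 * SQLite. The row timestamp is taken from SQLite's strftime('now').
 */
static int db_add_session(struct hs20_svc *ctx,
			  const char *user, const char *realm,
			  const char *sessionid, const char *pw,
			  const char *redirect_uri,
			  enum hs20_session_operation operation)
{
	char *sql;
	int ret = 0;

	sql = sqlite3_mprintf("INSERT INTO sessions(timestamp,id,user,realm,"
			      "operation,password,redirect_uri) "
			      "VALUES "
			      "(strftime('%%Y-%%m-%%d %%H:%%M:%%f','now'),"
			      "%Q,%Q,%Q,%d,%Q,%Q)",
			      sessionid, user ? user : "", realm ? realm : "",
			      operation, pw ? pw : "",
			      redirect_uri ? redirect_uri : "");
	if (sql == NULL)
		return -1;
	/*
	 * NOTE(review): the traced statement contains @pw exactly as it is
	 * written to the database. Treat the debug output as sensitive, or
	 * redact the password before logging.
	 */
	debug_print(ctx, 1, "DB: %s", sql);
	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
		debug_print(ctx, 1, "Failed to add session entry into sqlite "
			    "database: %s", sqlite3_errmsg(ctx->db));
		ret = -1;
	}
	sqlite3_free(sql);
	return ret;
}


/**
 * db_update_session_password - Replace the password stored for a session
 * @ctx: Server context
 * @user: User name the session row must match
 * @realm: Realm the session row must match
 * @sessionid: Session identifier the row must match
 * @pw: New password value
 *
 * Failures are only reported through debug_print(); the caller gets no
 * status. A %NULL @user or @realm is rendered by %Q as SQL NULL, so the
 * "user=NULL" comparison matches no row and nothing is updated.
 */
static void db_update_session_password(struct hs20_svc *ctx, const char *user,
				       const char *realm, const char *sessionid,
				       const char *pw)
{
	char *sql;

	sql = sqlite3_mprintf("UPDATE sessions SET password=%Q WHERE id=%Q AND "
			      "user=%Q AND realm=%Q",
			      pw, sessionid, user, realm);
	if (sql == NULL)
		return;
	/* NOTE(review): the new password is part of the traced statement. */
	debug_print(ctx, 1, "DB: %s", sql);
	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
		debug_print(ctx, 1, "Failed to update session password: %s",
			    sqlite3_errmsg(ctx->db));
	}
	sqlite3_free(sql);
}


/**
 * db_update_session_machine_managed - Set the machine_managed flag of a session
 * @ctx: Server context
 * @user: User name the session row must match
 * @realm: Realm the session row must match
 * @sessionid: Session identifier the row must match
 * @pw_mm: Non-zero stores "1", zero stores "0"
 *
 * Failures are only reported through debug_print().
 */
static void db_update_session_machine_managed(struct hs20_svc *ctx,
					      const char *user,
					      const char *realm,
					      const char *sessionid,
					      const int pw_mm)
{
	char *sql;

	sql = sqlite3_mprintf("UPDATE sessions SET machine_managed=%Q WHERE id=%Q AND user=%Q AND realm=%Q",
			      pw_mm ? "1" : "0", sessionid, user, realm);
	if (sql == NULL)
		return;
	debug_print(ctx, 1, "DB: %s", sql);
	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
		debug_print(ctx, 1,
			    "Failed to update session machine_managed: %s",
			    sqlite3_errmsg(ctx->db));
	}
	sqlite3_free(sql);
}


/**
 * db_add_session_pps - Store a serialized XML node in the session's pps column
 * @ctx: Server context; ctx->xml is used to serialize @node
 * @user: User name the session row must match
 * @realm: Realm the session row must match
 * @sessionid: Session identifier the row must match
 * @node: XML node to serialize with xml_node_to_str()
 *
 * Returns silently if serialization or statement construction fails.
 */
static void db_add_session_pps(struct hs20_svc *ctx, const char *user,
			       const char *realm, const char *sessionid,
			       xml_node_t *node)
{
	char *str;
	char *sql;

	str = xml_node_to_str(ctx->xml, node);
	if (str == NULL)
		return;
	sql = sqlite3_mprintf("UPDATE sessions SET pps=%Q WHERE id=%Q AND "
			      "user=%Q AND realm=%Q",
			      str, sessionid, user, realm);
	/* The text has been copied into sql; the serialized copy can go. */
	free(str);
	if (sql == NULL)
		return;
	debug_print(ctx, 1, "DB: %s", sql);
	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
		debug_print(ctx, 1, "Failed to add session pps: %s",
			    sqlite3_errmsg(ctx->db));
	}
	sqlite3_free(sql);
}


/**
 * db_add_session_devinfo - Store a serialized XML node in the devinfo column
 * @ctx: Server context
 * @sessionid: Session identifier; the only key used to select the row
 * @node: XML node to serialize
 *
 * Unlike the password/pps updates, the row is selected by session id alone,
 * without user and realm.
 */
static void db_add_session_devinfo(struct hs20_svc *ctx, const char *sessionid,
				   xml_node_t *node)
{
	char *str;
	char *sql;

	str = xml_node_to_str(ctx->xml, node);
	if (str == NULL)
		return;
	sql = sqlite3_mprintf("UPDATE sessions SET devinfo=%Q WHERE id=%Q",
			      str, sessionid);
	free(str);
	if (sql == NULL)
		return;
	debug_print(ctx, 1, "DB: %s", sql);
	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
		debug_print(ctx, 1, "Failed to add session devinfo: %s",
			    sqlite3_errmsg(ctx->db));
	}
	sqlite3_free(sql);
}


/**
 * db_add_session_devdetail - Store a serialized XML node in the devdetail column
 * @ctx: Server context
 * @sessionid: Session identifier; the only key used to select the row
 * @node: XML node to serialize
 */
static void db_add_session_devdetail(struct hs20_svc *ctx,
				     const char *sessionid,
				     xml_node_t *node)
{
	char *str;
	char *sql;

	str = xml_node_to_str(ctx->xml, node);
	if (str == NULL)
		return;
	sql = sqlite3_mprintf("UPDATE sessions SET devdetail=%Q WHERE id=%Q",
			      str, sessionid);
	free(str);
	if (sql == NULL)
		return;
	debug_print(ctx, 1, "DB: %s", sql);
	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
		debug_print(ctx, 1, "Failed to add session devdetail: %s",
			    sqlite3_errmsg(ctx->db));
	}
	sqlite3_free(sql);
}


/**
 * db_remove_session - Delete a session row
 * @ctx: Server context
 * @user: User name, or %NULL
 * @realm: Realm, or %NULL
 * @sessionid: Session identifier
 *
 * When either @user or @realm is %NULL the row is selected by session id
 * alone; otherwise all three values must match.
 */
static void db_remove_session(struct hs20_svc *ctx,
			      const char *user, const char *realm,
			      const char *sessionid)
{
	char *sql;

	if (user == NULL || realm == NULL) {
		sql = sqlite3_mprintf("DELETE FROM sessions WHERE "
				      "id=%Q", sessionid);
	} else {
		sql = sqlite3_mprintf("DELETE FROM sessions WHERE "
				      "user=%Q AND realm=%Q AND id=%Q",
				      user, realm, sessionid);
	}
	if (sql == NULL)
		return;
	debug_print(ctx, 1, "DB: %s", sql);
	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
		debug_print(ctx, 1, "Failed to delete session entry from "
			    "sqlite database: %s", sqlite3_errmsg(ctx->db));
	}
	sqlite3_free(sql);
}


/**
 * hs20_eventlog - Append an entry to the "eventlog" table
 * @ctx: Server context; ctx->addr is stored in the addr column ("" if %NULL)
 * @user: User name, or %NULL to look user and realm up from the session
 * @realm: Realm; replaced by the session's realm when @user is %NULL
 * @sessionid: Session identifier
 * @notes: Free-form description of the event (also sent to debug_print())
 * @dump: Optional payload text, stored as "" when %NULL
 *
 * All values are bound with %Q. Unlike the session helpers, the statement
 * itself is not traced, only @notes.
 */
static void hs20_eventlog(struct hs20_svc *ctx,
			  const char *user, const char *realm,
			  const char *sessionid, const char *notes,
			  const char *dump)
{
	char *sql;
	char *user_buf = NULL, *realm_buf = NULL;

	debug_print(ctx, 1, "eventlog: %s", notes);

	if (user == NULL) {
		user_buf = db_get_session_val(ctx, NULL, NULL, sessionid,
					      "user");
		user = user_buf;
		realm_buf = db_get_session_val(ctx, NULL, NULL, sessionid,
					       "realm");
		realm = realm_buf;
	}

	sql = sqlite3_mprintf("INSERT INTO eventlog"
			      "(user,realm,sessionid,timestamp,notes,dump,addr)"
			      " VALUES (%Q,%Q,%Q,"
			      "strftime('%%Y-%%m-%%d %%H:%%M:%%f','now'),"
			      "%Q,%Q,%Q)",
			      user, realm, sessionid, notes,
			      dump ? dump : "", ctx->addr ? ctx->addr : "");
	/*
	 * NOTE(review): these buffers presumably come from os_strdup() in
	 * get_db_field(); other callers in this file release such values
	 * with os_free(). Confirm free() is equivalent in every build.
	 */
	free(user_buf);
	free(realm_buf);
	if (sql == NULL)
		return;
	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
		debug_print(ctx, 1, "Failed to add eventlog entry into sqlite "
			    "database: %s", sqlite3_errmsg(ctx->db));
	}
	sqlite3_free(sql);
}


/**
 * hs20_eventlog_node - Log an event with an XML node as the dump payload
 * @ctx: Server context
 * @user: User name, or %NULL (see hs20_eventlog())
 * @realm: Realm
 * @sessionid: Session identifier
 * @notes: Free-form description of the event
 * @node: XML node to serialize into the dump column, or %NULL for none
 */
static void hs20_eventlog_node(struct hs20_svc *ctx,
			       const char *user, const char *realm,
			       const char *sessionid, const char *notes,
			       xml_node_t *node)
{
	char *str;

	if (node)
		str = xml_node_to_str(ctx->xml, node);
	else
		str = NULL;
	hs20_eventlog(ctx, user, realm, sessionid, notes, str);
	free(str);
}


/**
 * db_update_mo_str - Store a string in one column of a user's row
 * @ctx: Server context
 * @user: Value matched against the identity column
 * @realm: Realm the row must match
 * @name: Column name to update
 * @str: New value (bound with %Q)
 *
 * Does nothing when @user, @realm or @name is %NULL. Only rows with phase2=1
 * are updated.
 *
 * @name is inserted with %s, so it is neither quoted nor escaped. It must be
 * a fixed column name chosen by the server code; passing anything derived
 * from a request here would make the statement injectable.
 */
static void db_update_mo_str(struct hs20_svc *ctx, const char *user,
			     const char *realm, const char *name,
			     const char *str)
{
	char *sql;
	if (user == NULL || realm == NULL || name == NULL)
		return;
	sql = sqlite3_mprintf("UPDATE users SET %s=%Q "
			      "WHERE identity=%Q AND realm=%Q AND phase2=1",
			      name, str, user, realm);
	if (sql == NULL)
		return;
	debug_print(ctx, 1, "DB: %s", sql);
	if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) {
		debug_print(ctx, 1, "Failed to update user MO entry in sqlite "
			    "database: %s", sqlite3_errmsg(ctx->db));
	}
	sqlite3_free(sql);
}


/**
 * db_update_mo - Serialize an XML node and store it in a user's row
 * @ctx: Server context
 * @user: Value matched against the identity column
 * @realm: Realm the row must match
 * @name: Column name to update (same constraint as in db_update_mo_str())
 * @mo: XML node to serialize
 */
static void db_update_mo(struct hs20_svc *ctx, const char *user,
			 const char *realm, const char *name, xml_node_t *mo)
{
	char *str;

	str = xml_node_to_str(ctx->xml, mo);
	if (str == NULL)
		return;

	db_update_mo_str(ctx, user, realm, name, str);
	free(str);
}


/**
 * add_text_node - Add a text child element, mapping a NULL value to ""
 * @ctx: Server context; ctx->xml is the XML context
 * @parent: Parent node
 * @name: Element name
 * @value: Text content, or %NULL for an empty string
 */
static void add_text_node(struct hs20_svc *ctx, xml_node_t *parent,
			  const char *name, const char *value)
{
	xml_node_create_text(ctx->xml, parent, NULL, name, value ? value : "");
}


/**
 * add_text_node_conf - Add a text child element from an OSU config value
 * @ctx: Server context
 * @realm: Realm whose configuration is read
 * @parent: Parent node
 * @name: Element name
 * @field: Configuration field passed to db_get_osu_config_val()
 *
 * A missing configuration value produces an element with empty text.
 */
static void add_text_node_conf(struct hs20_svc *ctx, const char *realm,
			       xml_node_t *parent, const char *name,
			       const char *field)
{
	char *val;
	val = db_get_osu_config_val(ctx, realm, field);
	xml_node_create_text(ctx->xml, parent, NULL, name, val ? val : "");
	os_free(val);
}


/**
 * new_password - Generate a random alphanumeric password
 * @buf: Output buffer
 * @buflen: Size of @buf in bytes, including room for the terminating NUL
 * Returns: 0 on success, -1 if @buflen < 1 or random data is unavailable
 *
 * Writes @buflen - 1 characters from [a-zA-Z0-9] followed by a NUL. Each
 * character carries log2(62), i.e. a little under 6 bits, so callers should
 * size the buffer for the strength they need.
 */
static int new_password(char *buf, int buflen)
{
	static const char alphabet[] =
		"abcdefghijklmnopqrstuvwxyz"
		"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
		"0123456789";
	const unsigned int nchars = sizeof(alphabet) - 1;
	/* Largest multiple of nchars that fits in one byte (248 for 62). */
	const unsigned int limit = 256 - (256 % nchars);
	int i;

	if (buflen < 1)
		return -1;
	buf[buflen - 1] = '\0';
	if (os_get_random((unsigned char *) buf, buflen - 1) < 0)
		return -1;

	for (i = 0; i < buflen - 1; i++) {
		unsigned char val = buf[i];

		/*
		 * A plain "val % 62" makes the first 256 % 62 = 8 characters
		 * of the alphabet more likely than the rest. Redraw bytes at
		 * or above the limit so every character is equally probable.
		 */
		while (val >= limit) {
			if (os_get_random(&val, 1) < 0)
				return -1;
		}
		buf[i] = alphabet[val % nchars];
	}

	return 0;
}


/* Context handed to get_db_field() through sqlite3_exec(). */
struct get_db_field_data {
	const char *field;	/* column name to look for */
	char *value;		/* os_strdup() copy of the value, or NULL */
};


/**
 * get_db_field - sqlite3_exec() callback that captures one column value
 * @ctx: Pointer to struct get_db_field_data
 * @argc: Number of columns in the row
 * @argv: Column values (entries may be %NULL)
 * @col: Column names
 * Returns: 0 so that sqlite3_exec() continues with the next row
 *
 * The first column whose name equals data->field and whose value is not
 * %NULL is copied. A value captured from an earlier row is freed first, so
 * with several result rows the last match is the one kept.
 */
static int get_db_field(void *ctx, int argc, char *argv[], char *col[])
{
	struct get_db_field_data *data = ctx;
	int i;

	for (i = 0; i < argc; i++) {
		if (os_strcmp(col[i], data->field) == 0 && argv[i]) {
			os_free(data->value);
			data->value = os_strdup(argv[i]);
			break;
		}
	}

	return 0;
}


/**
 * db_get_val - Read one column of a user's row
 * @ctx: Server context
 * @user: Value matched against osu_user (@dmacc != 0) or identity
 * @realm: Realm the row must match
 * @field: Column name to read
 * @dmacc: Non-zero to match @user against osu_user instead of identity
 * Returns: Allocated copy of the value (release with os_free()), or %NULL if
 * no value was found or the query failed
 *
 * @field is inserted with %s and is not quoted or escaped; it must be a
 * fixed column name chosen by the server code. Only rows with phase2=1 are
 * considered.
 */
static char * db_get_val(struct hs20_svc *ctx, const char *user,
			 const char *realm, const char *field, int dmacc)
{
	char *cmd;
	struct get_db_field_data data;

	cmd = sqlite3_mprintf("SELECT %s FROM users WHERE "
			      "%s=%Q AND realm=%Q AND phase2=1",
			      field, dmacc ? "osu_user" : "identity",
			      user, realm);
	if (cmd == NULL)
		return NULL;
	memset(&data, 0, sizeof(data));
	data.field = field;
	if (sqlite3_exec(ctx->db, cmd, get_db_field, &data, NULL) != SQLITE_OK)
	{
		debug_print(ctx, 1, "Could not find user '%s'", user);
		sqlite3_free(cmd);
		/*
		 * The callback may already have captured a value from a row
		 * delivered before the failure; do not leak it.
		 */
		os_free(data.value);
		return NULL;
	}
	sqlite3_free(cmd);

	/*
	 * data.value is NULL when no row matched; avoid handing a NULL
	 * pointer to a %s conversion.
	 * NOTE(review): this trace prints the retrieved value itself, so it
	 * exposes whatever the requested column holds.
	 */
	debug_print(ctx, 1, "DB: user='%s' realm='%s' field='%s' dmacc=%d --> "
		    "value='%s'", user, realm, field, dmacc,
		    data.value ? data.value : "(null)");

	return data.value;
}


/**
 * db_update_val - Write one column of a user's row
 * @ctx: Server context
 * @user: Value matched against osu_user (@dmacc != 0) or identity
 * @realm: Realm the row must match
 * @field: Column name to update
 * @val: New value (bound with %Q)
 * @dmacc: Non-zero to match @user against osu_user instead of identity
 * Returns: 0 on success, -1 if the statement could not be built or executed
 *
 * @field is inserted with %s and is not quoted or escaped; it must be a
 * fixed column name chosen by the server code. A statement that matches no
 * row still counts as success here.
 */
static int db_update_val(struct hs20_svc *ctx, const char *user,
			 const char *realm, const char *field,
			 const char *val, int dmacc)
{
	char *cmd;
	int ret;

	cmd = sqlite3_mprintf("UPDATE users SET %s=%Q WHERE "
			      "%s=%Q AND realm=%Q AND phase2=1",
			      field, val, dmacc ? "osu_user" : "identity", user,
			      realm);
	if (cmd == NULL)
		return -1;
	/*
	 * NOTE(review): both traces below include @val, so a credential
	 * written through this helper ends up in the debug output.
	 */
	debug_print(ctx, 1, "DB: %s", cmd);
	if (sqlite3_exec(ctx->db, cmd, NULL, NULL, NULL) != SQLITE_OK) {
		debug_print(ctx, 1,
			    "Failed to update user in sqlite database: %s",
			    sqlite3_errmsg(ctx->db));
		ret = -1;
	} else {
		debug_print(ctx, 1,
			    "DB: user='%s' realm='%s' field='%s' set to '%s'",
			    user, realm, field, val);
		ret = 0;
	}
	sqlite3_free(cmd);

	return ret;
}
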
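/**
 * db_get_session_val - Read one column of a row in the sessions table
 * @ctx: Server context; ctx->db is the SQLite handle that is queried
 * @user: User the session must belong to, or %NULL
 * @realm: Realm the session must belong to, or %NULL
 * @session_id: Session identifier matched against the id column
 * @field: Column to read; inserted into the SQL text without quoting
 * Returns: Heap-allocated value that the caller frees, or %NULL if the
 * statement failed or the callback captured no value
 *
 * If either @user or @realm is %NULL, the row is selected by @session_id
 * alone; on that path the session id is the only thing that ties the request
 * to a stored session.
 *
 * @field is formatted with %s and is not escaped, so it has to be a fixed
 * column name chosen by the calling code, never text taken from a request.
 */
static char * db_get_session_val(struct hs20_svc *ctx, const char *user,
				 const char *realm, const char *session_id,
				 const char *field)
{
	char *cmd;
	struct get_db_field_data data;

	if (user != NULL && realm != NULL) {
		cmd = sqlite3_mprintf("SELECT %s FROM sessions WHERE "
				      "user=%Q AND realm=%Q AND id=%Q",
				      field, user, realm, session_id);
	} else {
		cmd = sqlite3_mprintf("SELECT %s FROM sessions WHERE "
				      "id=%Q", field, session_id);
	}
	if (cmd == NULL)
		return NULL;
	debug_print(ctx, 1, "DB: %s", cmd);

	memset(&data, 0, sizeof(data));
	data.field = field;
	if (sqlite3_exec(ctx->db, cmd, get_db_field, &data, NULL) !=
	    SQLITE_OK) {
		debug_print(ctx, 1, "DB: Could not find session %s: %s",
			    session_id, sqlite3_errmsg(ctx->db));
		sqlite3_free(cmd);
		/* The callback may have stored a copy before the failure */
		os_free(data.value);
		return NULL;
	}
	sqlite3_free(cmd);

	/* data.value stays NULL when no row/column matched */
	debug_print(ctx, 1, "DB: return '%s'",
		    data.value ? data.value : "(null)");
	return data.value;
}


/**
 * update_password - Store a new password for a phase2 user
 * @ctx: Server context; ctx->db is the SQLite handle that is updated
 * @user: Value matched against identity, or against osu_user when @dmacc is set
 * @realm: Not used by the statement (see the review note in the body)
 * @pw: New password, written to the password column as given
 * @dmacc: Non-zero to look the user up by osu_user instead of identity
 * Returns: 0 on success, -1 if the statement could not be built or executed
 *
 * The same UPDATE also resets the remediation column to an empty string.
 */
static int update_password(struct hs20_svc *ctx, const char *user,
			   const char *realm, const char *pw, int dmacc)
{
	const char *id_col = dmacc ? "osu_user" : "identity";
	char *cmd;
	int ret = 0;

	/*
	 * NOTE(review): unlike db_get_val() and db_update_val(), the WHERE
	 * clause has no realm term, so every phase2 row with this identity is
	 * updated regardless of realm. Confirm whether "AND realm=%Q" is
	 * intended here.
	 */
	cmd = sqlite3_mprintf("UPDATE users SET password=%Q, "
			      "remediation='' "
			      "WHERE %s=%Q AND phase2=1",
			      pw, id_col, user);
	if (cmd == NULL)
		return -1;

	/* Log the target row only; the statement text embeds the password */
	debug_print(ctx, 1, "DB: update password for %s='%s'", id_col, user);
	if (sqlite3_exec(ctx->db, cmd, NULL, NULL, NULL) != SQLITE_OK) {
		debug_print(ctx, 1,
			    "Failed to update database for user '%s': %s",
			    user, sqlite3_errmsg(ctx->db));
		/* Report the failure instead of claiming success */
		ret = -1;
	}
	sqlite3_free(cmd);

	return ret;
}


/**
 * add_eap_ttls - Append an EAPMethod node describing EAP-TTLS/MSCHAPv2
 * @ctx: Server context; ctx->xml is passed to the XML helpers
 * @parent: Node that receives the new EAPMethod child
 * Returns: 0 on success, -1 if the EAPMethod node could not be created
 *
 * The node carries EAPType "21" and InnerMethod "MS-CHAP-V2". The results of
 * the two add_text_node() calls are not checked.
 */
static int add_eap_ttls(struct hs20_svc *ctx, xml_node_t *parent)
{
	xml_node_t *method;

	method = xml_node_create(ctx->xml, parent, NULL, "EAPMethod");
	if (method == NULL)
		return -1;

	add_text_node(ctx, method, "EAPType", "21");
	add_text_node(ctx, method, "InnerMethod", "MS-CHAP-V2");

	return 0;
}


/**
 * build_username_password - Append a UsernamePassword node to a credential
 * @ctx: Server context; ctx->xml is passed to the XML helpers
 * @parent: Node that receives the new UsernamePassword child
 * @user: Text for the Username element
 * @pw: Password; must not be %NULL because its length is taken with strlen()
 * Returns: The new UsernamePassword node, or %NULL on failure
 *
 * The Password element holds the Base64 form of @pw. Base64 is an encoding,
 * not protection: anyone who can read the resulting XML can recover the
 * password, so confidentiality depends on how the document is transported and
 * stored.
 *
 * If Base64 encoding fails, %NULL is returned while the partly filled node is
 * still attached to @parent; the caller is expected to discard @parent.
 */
static xml_node_t * build_username_password(struct hs20_svc *ctx,
					    xml_node_t *parent,
					    const char *user, const char *pw)
{
	xml_node_t *node;
	char *b64;

	node = xml_node_create(ctx->xml, parent, NULL, "UsernamePassword");
	if (node == NULL)
		return NULL;

	add_text_node(ctx, node, "Username", user);

	b64 = (char *) base64_encode((unsigned char *) pw, strlen(pw), NULL);
	if (b64 == NULL)
		return NULL;
	add_text_node(ctx, node, "Password", b64);
	free(b64);

	return node;
}
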
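/**
 * add_username_password - Add a machine-managed username/password credential
 * @ctx: Server context
 * @cred: Credential node that receives the UsernamePassword subtree
 * @user: Username to place in the credential
 * @pw: Password to place in the credential
 * Returns: 0 on success, -1 if the subtree or its EAPMethod could not be built
 *
 * Besides the username and password the subtree gets MachineManaged "TRUE",
 * an empty SoftTokenApp and the EAPMethod node from add_eap_ttls().
 */
static int add_username_password(struct hs20_svc *ctx, xml_node_t *cred,
				 const char *user, const char *pw)
{
	xml_node_t *node;

	node = build_username_password(ctx, cred, user, pw);
	if (node == NULL)
		return -1;

	add_text_node(ctx, node, "MachineManaged", "TRUE");
	add_text_node(ctx, node, "SoftTokenApp", "");
	/* Do not hand out a credential that lacks its EAP method */
	if (add_eap_ttls(ctx, node) < 0)
		return -1;

	return 0;
}


/**
 * add_creation_date - Add a CreationDate element with the current UTC time
 * @ctx: Server context; ctx->xml is passed to the XML helpers
 * @cred: Node that receives the CreationDate child
 *
 * The text has the form YYYY-MM-DDTHH:MM:SSZ. Nothing is added if the current
 * time cannot be converted.
 */
static void add_creation_date(struct hs20_svc *ctx, xml_node_t *cred)
{
	char str[30];
	time_t now;
	struct tm tm;

	time(&now);
	/* Without this check a failed conversion would format garbage */
	if (gmtime_r(&now, &tm) == NULL)
		return;
	/* struct tm members are int, so %d is the matching conversion */
	snprintf(str, sizeof(str), "%04d-%02d-%02dT%02d:%02d:%02dZ",
		 tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
		 tm.tm_hour, tm.tm_min, tm.tm_sec);
	xml_node_create_text(ctx->xml, cred, NULL, "CreationDate", str);
}


/**
 * build_credential_pw - Build a Credential tree for a username/password
 * @ctx: Server context; ctx->xml is passed to the XML helpers
 * @user: Username for the credential
 * @realm: Text for the Realm element
 * @pw: Password for the credential
 * Returns: New root node that the caller frees with xml_node_free(), or %NULL
 * on failure
 */
static xml_node_t * build_credential_pw(struct hs20_svc *ctx,
					const char *user, const char *realm,
					const char *pw)
{
	xml_node_t *cred;

	cred = xml_node_create_root(ctx->xml, NULL, NULL, NULL, "Credential");
	if (cred == NULL) {
		debug_print(ctx, 1, "Failed to create Credential node");
		return NULL;
	}

	add_creation_date(ctx, cred);
	if (add_username_password(ctx, cred, user, pw) < 0) {
		xml_node_free(ctx->xml, cred);
		return NULL;
	}
	add_text_node(ctx, cred, "Realm", realm);

	return cred;
}


/**
 * build_credential - Generate a new password and build a Credential tree
 * @ctx: Server context
 * @user: Username for the credential
 * @realm: Text for the Realm element
 * @new_pw: Buffer that new_password() fills with the generated password
 * @new_pw_len: Size of @new_pw in bytes
 * Returns: New root node that the caller frees with xml_node_free(), or %NULL
 * if password generation or tree construction failed
 */
static xml_node_t * build_credential(struct hs20_svc *ctx,
				     const char *user, const char *realm,
				     char *new_pw, size_t new_pw_len)
{
	if (new_password(new_pw, new_pw_len) < 0)
		return NULL;
	/* Record the event without writing the generated secret to the log */
	debug_print(ctx, 1, "Generated new password for user '%s'", user);
	return build_credential_pw(ctx, user, realm, new_pw);
}


/**
 * build_credential_cert - Build a Credential tree for a client certificate
 * @ctx: Server context; ctx->xml is passed to the XML helpers
 * @user: Not used by this function
 * @realm: Text for the Realm element
 * @cert_fingerprint: Text for the CertSHA256Fingerprint element
 * Returns: New root node that the caller frees with xml_node_free(), or %NULL
 * on failure
 */
static xml_node_t * build_credential_cert(struct hs20_svc *ctx,
					  const char *user, const char *realm,
					  const char *cert_fingerprint)
{
	xml_node_t *cred, *cert;

	cred = xml_node_create_root(ctx->xml, NULL, NULL, NULL, "Credential");
	if (cred == NULL) {
		debug_print(ctx, 1, "Failed to create Credential node");
		return NULL;
	}

	add_creation_date(ctx, cred);
	cert = xml_node_create(ctx->xml, cred, NULL, "DigitalCertificate");
	if (cert == NULL) {
		/* Do not pass a NULL parent on to add_text_node() */
		xml_node_free(ctx->xml, cred);
		return NULL;
	}
	add_text_node(ctx, cert, "CertificateType", "x509v3");
	add_text_node(ctx, cert, "CertSHA256Fingerprint", cert_fingerprint);
	add_text_node(ctx, cred, "Realm", realm);

	return cred;
}


/**
 * build_post_dev_data_response - Create an sppPostDevDataResponse root node
 * @ctx: Server context; ctx->xml is passed to the XML helpers
 * @ret_ns: If not %NULL, receives the namespace created for the root node
 * @session_id: Value of the sessionID attribute
 * @status: Value of the sppStatus attribute
 * @error_code: If not %NULL, value of errorCode on an added sppError child
 * Returns: New root node that the caller frees with xml_node_free(), or %NULL
 * if the root could not be created
 *
 * A failure to create the optional sppError child is ignored.
 */
static xml_node_t * build_post_dev_data_response(struct hs20_svc *ctx,
						 xml_namespace_t **ret_ns,
						 const char *session_id,
						 const char *status,
						 const char *error_code)
{
	xml_node_t *spp_node;
	xml_namespace_t *ns;

	spp_node = xml_node_create_root(ctx->xml, SPP_NS_URI, "spp", &ns,
					"sppPostDevDataResponse");
	if (spp_node == NULL)
		return NULL;
	if (ret_ns)
		*ret_ns = ns;

	xml_node_add_attr(ctx->xml, spp_node, ns, "sppVersion", "1.0");
	xml_node_add_attr(ctx->xml, spp_node, ns, "sessionID", session_id);
	xml_node_add_attr(ctx->xml, spp_node, ns, "sppStatus", status);

	if (error_code) {
		xml_node_t *err;

		err = xml_node_create(ctx->xml, spp_node, ns, "sppError");
		if (err)
			xml_node_add_attr(ctx->xml, err, NULL, "errorCode",
					  error_code);
	}

	return spp_node;
}


/**
 * add_update_node - Attach a management object as an updateNode element
 * @ctx: Server context; ctx->xml is passed to the XML helpers
 * @spp_node: Response node that receives the updateNode child
 * @ns: Namespace used for the child and its attribute
 * @uri: Value of the managementTreeURI attribute
 * @upd_node: Management object to serialize; still owned by the caller
 * Returns: 0 on success, -1 on failure
 *
 * @upd_node is converted with mo_to_tnds(), serialized to a string and stored
 * as the text of the new updateNode element.
 */
static int add_update_node(struct hs20_svc *ctx, xml_node_t *spp_node,
			   xml_namespace_t *ns, const char *uri,
			   xml_node_t *upd_node)
{
	xml_node_t *node, *tnds;
	char *str;

	tnds = mo_to_tnds(ctx->xml, upd_node, 0, NULL, NULL);
	if (!tnds)
		return -1;

	str = xml_node_to_str(ctx->xml, tnds);
	xml_node_free(ctx->xml, tnds);
	if (str == NULL)
		return -1;

	node = xml_node_create_text(ctx->xml, spp_node, ns, "updateNode", str);
	free(str);
	if (node == NULL)
		return -1; /* nothing to attach the URI attribute to */

	xml_node_add_attr(ctx->xml, node, ns, "managementTreeURI", uri);

	return 0;
}


/**
 * build_sub_rem_resp - Build the response for subscription remediation
 * @ctx: Server context
 * @user: User as identified in the request
 * @realm: Realm of the user; also placed in the management tree URI
 * @session_id: Session identifier for the response and the stored session
 * @machine_rem: Non-zero selects the "machine remediation" event log label,
 *	zero selects "user remediation"
 * @dmacc: Non-zero if @user is an osu_user value that must first be mapped to
 *	the stored identity
 * Returns: sppPostDevDataResponse node that the caller frees, or %NULL on
 * failure
 *
 * If the users row has a non-empty cert column, a certificate credential is
 * sent. Otherwise a new password is generated, sent in the credential and
 * stored with the session under UPDATE_PASSWORD.
 */
static xml_node_t * build_sub_rem_resp(struct hs20_svc *ctx,
				       const char *user, const char *realm,
				       const char *session_id,
				       int machine_rem, int dmacc)
{
	xml_namespace_t *ns;
	xml_node_t *spp_node, *cred;
	char buf[400];
	char new_pw[33];
	char *real_user = NULL;
	const char *status;
	char *cert;
	int use_cert;

	if (dmacc) {
		real_user = db_get_val(ctx, user, realm, "identity", dmacc);
		if (real_user == NULL) {
			debug_print(ctx, 1, "Could not find user identity for "
				    "dmacc user '%s'", user);
			return NULL;
		}
	}

	cert = db_get_val(ctx, user, realm, "cert", dmacc);
	/* An empty cert column means a username/password credential */
	use_cert = cert != NULL && cert[0] != '\0';
	if (use_cert) {
		cred = build_credential_cert(ctx, real_user ? real_user : user,
					     realm, cert);
	} else {
		cred = build_credential(ctx, real_user ? real_user : user,
					realm, new_pw, sizeof(new_pw));
	}
	/* Both strings are heap copies from db_get_val(); release them here */
	os_free(real_user);
	os_free(cert);
	if (!cred) {
		debug_print(ctx, 1, "Could not build credential");
		return NULL;
	}

	status = "Remediation complete, request sppUpdateResponse";
	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
						NULL);
	if (spp_node == NULL) {
		debug_print(ctx, 1, "Could not build sppPostDevDataResponse");
		xml_node_free(ctx->xml, cred);
		return NULL;
	}

	snprintf(buf, sizeof(buf),
		 "./Wi-Fi/%s/PerProviderSubscription/Credential1/Credential",
		 realm);

	if (add_update_node(ctx, spp_node, ns, buf, cred) < 0) {
		debug_print(ctx, 1, "Could not add update node");
		xml_node_free(ctx->xml, spp_node);
		xml_node_free(ctx->xml, cred);
		return NULL;
	}

	/*
	 * NOTE(review): for a password credential, cred contains the Base64
	 * password. What hs20_eventlog_node() does with the node is not visible
	 * here - confirm that the event log is access-restricted.
	 */
	hs20_eventlog_node(ctx, user, realm, session_id,
			   machine_rem ? "machine remediation" :
			   "user remediation", cred);
	xml_node_free(ctx->xml, cred);

	if (use_cert) {
		debug_print(ctx, 1, "Certificate credential - no need for DB "
			    "password update on success notification");
	} else {
		debug_print(ctx, 1, "Request DB password update on success "
			    "notification");
		/*
		 * NOTE(review): the result of db_add_session() is not checked.
		 * If the pending password is not stored, the device receives a
		 * password the server never activates - verify.
		 */
		db_add_session(ctx, user, realm, session_id, new_pw, NULL,
			       UPDATE_PASSWORD);
	}

	return spp_node;
}


/**
 * machine_remediation - Build the response for machine remediation
 * @ctx: Server context
 * @user: User as identified in the request
 * @realm: Realm of the user
 * @session_id: Session identifier
 * @dmacc: Passed through to build_sub_rem_resp()
 * Returns: Result of build_sub_rem_resp() called with machine_rem set to 1
 */
static xml_node_t * machine_remediation(struct hs20_svc *ctx,
					const char *user,
					const char *realm,
					const char *session_id, int dmacc)
{
	return build_sub_rem_resp(ctx, user, realm, session_id, 1, dmacc);
}


/**
 * policy_remediation - Build the response for policy remediation
 * @ctx: Server context
 * @user: User as identified in the request
 * @realm: Realm of the user; also placed in the management tree URI
 * @session_id: Session identifier for the response and the stored session
 * @dmacc: Passed through to build_policy()
 * Returns: sppPostDevDataResponse node that the caller frees, or %NULL on
 * failure
 *
 * A POLICY_REMEDIATION session is stored before the policy is built. If
 * build_policy() returns no policy, the response only carries the status
 * "No update available at this time".
 */
static xml_node_t * policy_remediation(struct hs20_svc *ctx,
				       const char *user, const char *realm,
				       const char *session_id, int dmacc)
{
	xml_namespace_t *ns;
	xml_node_t *spp_node, *policy;
	char buf[400];
	const char *status;

	hs20_eventlog(ctx, user, realm, session_id,
		      "requires policy remediation", NULL);

	db_add_session(ctx, user, realm, session_id, NULL, NULL,
		       POLICY_REMEDIATION);

	policy = build_policy(ctx, user, realm, dmacc);
	if (!policy) {
		return build_post_dev_data_response(
			ctx, NULL, session_id,
			"No update available at this time", NULL);
	}

	status = "Remediation complete, request sppUpdateResponse";
	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
						NULL);
	if (spp_node == NULL) {
		xml_node_free(ctx->xml, policy);
		return NULL;
	}

	snprintf(buf, sizeof(buf),
		 "./Wi-Fi/%s/PerProviderSubscription/Credential1/Policy",
		 realm);

	if (add_update_node(ctx, spp_node, ns, buf, policy) < 0) {
		xml_node_free(ctx->xml, spp_node);
		xml_node_free(ctx->xml, policy);
		return NULL;
	}

	hs20_eventlog_node(ctx, user, realm, session_id,
			   "policy update (sub rem)", policy);
	xml_node_free(ctx->xml, policy);

	return spp_node;
}


/**
 * browser_remediation - Build a response that sends the device to a web page
 * @ctx: Server context; ctx->xml is passed to the XML helpers
 * @session_id: Session identifier for the response
 * @redirect_uri: redirectURI given by the device; only checked for presence
 *	and logged here
 * @uri: Text of the launchBrowserToURI element
 * Returns: sppPostDevDataResponse node with status "OK" that the caller
 * frees, or %NULL on failure
 */
static xml_node_t * browser_remediation(struct hs20_svc *ctx,
					const char *session_id,
					const char *redirect_uri,
					const char *uri)
{
	xml_namespace_t *ns;
	xml_node_t *spp_node, *exec_node;

	if (redirect_uri == NULL) {
		debug_print(ctx, 1, "Missing redirectURI attribute for user "
			    "remediation");
		return NULL;
	}
	debug_print(ctx, 1, "redirectURI %s", redirect_uri);

	spp_node = build_post_dev_data_response(ctx, &ns, session_id, "OK",
						NULL);
	if (spp_node == NULL)
		return NULL;

	exec_node = xml_node_create(ctx->xml, spp_node, ns, "exec");
	if (exec_node == NULL) {
		/* An "OK" response without the exec command is of no use */
		xml_node_free(ctx->xml, spp_node);
		return NULL;
	}
	xml_node_create_text(ctx->xml, exec_node, ns, "launchBrowserToURI",
			     uri);
	return spp_node;
}


/**
 * user_remediation - Start browser-based user remediation
 * @ctx: Server context
 * @user: User as identified in the request
 * @realm: Realm used to look up the remediation_url configuration value
 * @session_id: Session identifier; appended to the configured URL
 * @redirect_uri: redirectURI given by the device; stored with the session
 * Returns: Response node from browser_remediation(), or %NULL on failure
 *
 * The browser URL is the configured remediation_url followed directly by
 * @session_id; no separator or URL encoding is applied here.
 */
static xml_node_t * user_remediation(struct hs20_svc *ctx, const char *user,
				     const char *realm, const char *session_id,
				     const char *redirect_uri)
{
	char uri[300], *val;
	int res;

	hs20_eventlog(ctx, user, realm, session_id,
		      "requires user remediation", NULL);
	val = db_get_osu_config_val(ctx, realm, "remediation_url");
	if (val == NULL)
		return NULL;

	res = snprintf(uri, sizeof(uri), "%s%s", val, session_id);
	os_free(val);
	if (res < 0 || (size_t) res >= sizeof(uri)) {
		/* A truncated URL would carry a cut-off session id */
		debug_print(ctx, 1, "Remediation URL does not fit in buffer");
		return NULL;
	}

	db_add_session(ctx, user, realm, session_id, NULL, redirect_uri,
		       USER_REMEDIATION);

	return browser_remediation(ctx, session_id, redirect_uri, uri);
}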
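

/**
 * free_remediation - Start browser based remediation for a free/public account
 * @ctx: Server context
 * @user: User name
 * @realm: Realm used to look up the "free_remediation_url" osu_config value
 * @session_id: Session identifier; appended to the configured URL
 * @redirect_uri: redirectURI stored with the session
 * Returns: Response node from browser_remediation(), or %NULL on failure
 *
 * The browser URL is the configured prefix followed by the session id. A URL
 * that does not fit in the local buffer is rejected instead of being sent
 * with a shortened session id.
 */
static xml_node_t * free_remediation(struct hs20_svc *ctx,
				     const char *user, const char *realm,
				     const char *session_id,
				     const char *redirect_uri)
{
	char uri[300], *val;
	int res;

	hs20_eventlog(ctx, user, realm, session_id,
		      "requires free/public account remediation", NULL);
	val = db_get_osu_config_val(ctx, realm, "free_remediation_url");
	if (val == NULL)
		return NULL;

	/*
	 * The result was previously ignored. Keep going on failure (this may
	 * be deliberate best effort), but leave a trace in the debug log.
	 */
	if (db_add_session(ctx, user, realm, session_id, NULL, redirect_uri,
			   FREE_REMEDIATION) < 0)
		debug_print(ctx, 1, "Could not store free remediation session");

	res = snprintf(uri, sizeof(uri), "%s%s", val, session_id);
	os_free(val);
	if (res < 0 || (size_t) res >= sizeof(uri)) {
		debug_print(ctx, 1,
			    "Free remediation URL does not fit in buffer");
		return NULL;
	}
	return browser_remediation(ctx, session_id, redirect_uri, uri);
}

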
/**
 * no_sub_rem - Report that no subscription remediation is offered
 * @ctx: Server context
 * @user: User name (event log only)
 * @realm: Realm (event log only)
 * @session_id: Session identifier
 * Returns: Response node with status "No update available at this time"
 */
static xml_node_t * no_sub_rem(struct hs20_svc *ctx,
			       const char *user, const char *realm,
			       const char *session_id)
{
	hs20_eventlog(ctx, user, realm, session_id,
		      "no subscription mediation available", NULL);

	return build_post_dev_data_response(
		ctx, NULL, session_id, "No update available at this time",
		NULL);
}


/**
 * hs20_subscription_remediation - Select the remediation flow for a user
 * @ctx: Server context
 * @user: User name
 * @realm: Realm
 * @session_id: Session identifier
 * @dmacc: Passed through to db_get_val() and the machine/policy handlers
 * @redirect_uri: redirectURI for the browser based flows
 * Returns: Response node from the selected handler
 *
 * Decision order, all driven by database values:
 *  1. empty or missing "identity"      -> "Error occurred" / "Not found"
 *  2. user equals osu_config "free_account" -> no remediation
 *  3. "remediation" is set, is not "free", and "shared" is non-zero
 *                                       -> no remediation
 *  4. "user" / "free" / "policy"       -> matching handler
 *  5. anything else, including no value -> machine_remediation()
 *
 * NOTE(review): steps 2 and 3 presumably exist so that one device cannot
 * change a credential that other devices also use; confirm against the
 * deployment's account model.
 */
static xml_node_t * hs20_subscription_remediation(struct hs20_svc *ctx,
						  const char *user,
						  const char *realm,
						  const char *session_id,
						  int dmacc,
						  const char *redirect_uri)
{
	char *identity, *free_account, *type;
	xml_node_t *resp;
	int known_user, is_free_account;

	identity = db_get_val(ctx, user, realm, "identity", dmacc);
	known_user = identity != NULL && strlen(identity) != 0;
	if (!known_user) {
		hs20_eventlog(ctx, user, realm, session_id,
			      "user not found in database for remediation",
			      NULL);
		os_free(identity);
		return build_post_dev_data_response(ctx, NULL, session_id,
						    "Error occurred",
						    "Not found");
	}
	os_free(identity);

	free_account = db_get_osu_config_val(ctx, realm, "free_account");
	is_free_account = free_account != NULL &&
		strcmp(free_account, user) == 0;
	free(free_account);
	if (is_free_account)
		return no_sub_rem(ctx, user, realm, session_id);

	type = db_get_val(ctx, user, realm, "remediation", dmacc);
	if (type != NULL && strcmp(type, "free") != 0) {
		char *shared_str;
		int shared;

		shared_str = db_get_val(ctx, user, realm, "shared", dmacc);
		shared = shared_str ? atoi(shared_str) : 0;
		free(shared_str);
		if (shared) {
			free(type);
			return no_sub_rem(ctx, user, realm, session_id);
		}
	}

	if (type == NULL) {
		/* No remediation type recorded: same fallback as unknown */
		resp = machine_remediation(ctx, user, realm, session_id,
					   dmacc);
	} else if (strcmp(type, "user") == 0) {
		resp = user_remediation(ctx, user, realm, session_id,
					redirect_uri);
	} else if (strcmp(type, "free") == 0) {
		resp = free_remediation(ctx, user, realm, session_id,
					redirect_uri);
	} else if (strcmp(type, "policy") == 0) {
		resp = policy_remediation(ctx, user, realm, session_id, dmacc);
	} else {
		resp = machine_remediation(ctx, user, realm, session_id,
					   dmacc);
	}
	free(type);

	return resp;
}

950df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 951df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtstatic xml_node_t * build_policy(struct hs20_svc *ctx, const char *user, 952df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *realm, int use_dmacc) 953df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt{ 954df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *policy_id; 955df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char fname[200]; 956df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_t *policy, *node; 957df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 958df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt policy_id = db_get_val(ctx, user, realm, "policy", use_dmacc); 959df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (policy_id == NULL || strlen(policy_id) == 0) { 960df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt free(policy_id); 961df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt policy_id = strdup("default"); 962df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (policy_id == NULL) 963df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 964df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 965df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 966df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt snprintf(fname, sizeof(fname), "%s/spp/policy/%s.xml", 967df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ctx->root_dir, policy_id); 968df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt free(policy_id); 969df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "Use policy file %s", fname); 970df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 971df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt policy = node_from_file(ctx->xml, fname); 972df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (policy == NULL) 973df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 
974df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 975df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt node = get_node_uri(ctx->xml, policy, "Policy/PolicyUpdate/URI"); 976df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (node) { 977df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *url; 978df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt url = db_get_osu_config_val(ctx, realm, "policy_url"); 979df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (url == NULL) { 980df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_free(ctx->xml, policy); 981df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 982df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 983df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_set_text(ctx->xml, node, url); 984df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt free(url); 985df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 986df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 987df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt node = get_node_uri(ctx->xml, policy, "Policy/PolicyUpdate"); 988df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (node && use_dmacc) { 989df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *pw; 990df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt pw = db_get_val(ctx, user, realm, "osu_password", use_dmacc); 991df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (pw == NULL || 992df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt build_username_password(ctx, node, user, pw) == NULL) { 993df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "Failed to add Policy/PolicyUpdate/" 994df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "UsernamePassword"); 995df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt free(pw); 996df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_free(ctx->xml, policy); 997df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 
998df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 999df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt free(pw); 1000df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1001df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1002df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return policy; 1003df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 1004df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1005df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1006df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtstatic xml_node_t * hs20_policy_update(struct hs20_svc *ctx, 1007df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *user, const char *realm, 1008df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *session_id, int dmacc) 1009df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt{ 1010df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_namespace_t *ns; 1011df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_t *spp_node; 1012df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_t *policy; 1013df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char buf[400]; 1014df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *status; 1015df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *identity; 1016df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1017df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt identity = db_get_val(ctx, user, realm, "identity", dmacc); 1018df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (identity == NULL || strlen(identity) == 0) { 1019df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog(ctx, user, realm, session_id, 1020df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "user not found in database for policy update", 1021df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt NULL); 1022df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt os_free(identity); 
1023df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return build_post_dev_data_response(ctx, NULL, session_id, 1024df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Error occurred", 1025df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Not found"); 1026df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1027df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt os_free(identity); 1028df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1029df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt policy = build_policy(ctx, user, realm, dmacc); 1030df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (!policy) { 1031df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return build_post_dev_data_response( 1032df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ctx, NULL, session_id, 1033df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "No update available at this time", NULL); 1034df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1035df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1036df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt db_add_session(ctx, user, realm, session_id, NULL, NULL, POLICY_UPDATE); 1037df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1038df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt status = "Update complete, request sppUpdateResponse"; 1039df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt spp_node = build_post_dev_data_response(ctx, &ns, session_id, status, 1040df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt NULL); 1041df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (spp_node == NULL) 1042df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 1043df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1044df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt snprintf(buf, sizeof(buf), 1045df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "./Wi-Fi/%s/PerProviderSubscription/Credential1/Policy", 1046df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 
realm); 1047df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1048df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (add_update_node(ctx, spp_node, ns, buf, policy) < 0) { 1049df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_free(ctx->xml, spp_node); 1050df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_free(ctx->xml, policy); 1051df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 1052df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1053df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1054df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, "policy update", 1055df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt policy); 1056df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_free(ctx->xml, policy); 1057df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1058df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return spp_node; 1059df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 1060df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1061df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1062df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtstatic xml_node_t * spp_get_mo(struct hs20_svc *ctx, xml_node_t *node, 1063df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *urn, int *valid, char **ret_err) 1064df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt{ 1065df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_t *child, *tnds, *mo; 1066df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *name; 1067df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *mo_urn; 1068df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *str; 1069df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char fname[200]; 1070df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1071df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt *valid = -1; 1072df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry 
Shmidt if (ret_err) 1073df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt *ret_err = NULL; 1074df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1075df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_for_each_child(ctx->xml, child, node) { 1076df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_for_each_check(ctx->xml, child); 1077df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt name = xml_node_get_localname(ctx->xml, child); 1078df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (strcmp(name, "moContainer") != 0) 1079df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt continue; 1080df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt mo_urn = xml_node_get_attr_value_ns(ctx->xml, child, SPP_NS_URI, 1081df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "moURN"); 1082df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (strcasecmp(urn, mo_urn) == 0) { 1083df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_get_attr_value_free(ctx->xml, mo_urn); 1084df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt break; 1085df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1086df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_get_attr_value_free(ctx->xml, mo_urn); 1087df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1088df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1089df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (child == NULL) 1090df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 1091df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1092df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "moContainer text for %s", urn); 1093df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_dump_node(ctx, "moContainer", child); 1094df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1095df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt str = xml_node_get_text(ctx->xml, child); 1096df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry 
Shmidt debug_print(ctx, 1, "moContainer payload: '%s'", str); 1097df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt tnds = xml_node_from_buf(ctx->xml, str); 1098df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_get_text_free(ctx->xml, str); 1099df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (tnds == NULL) { 1100df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "could not parse moContainer text"); 1101df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 1102df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1103df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1104df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt snprintf(fname, sizeof(fname), "%s/spp/dm_ddf-v1_2.dtd", ctx->root_dir); 1105df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (xml_validate_dtd(ctx->xml, tnds, fname, ret_err) == 0) 1106df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt *valid = 1; 1107df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt else if (ret_err && *ret_err && 1108df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt os_strcmp(*ret_err, "No declaration for attribute xmlns of element MgmtTree\n") == 0) { 1109df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt free(*ret_err); 1110df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "Ignore OMA-DM DDF DTD validation error for MgmtTree namespace declaration with xmlns attribute"); 1111df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt *ret_err = NULL; 1112df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt *valid = 1; 1113df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } else 1114df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt *valid = 0; 1115df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1116df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt mo = tnds_to_mo(ctx->xml, tnds); 1117df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_free(ctx->xml, tnds); 
1118df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (mo == NULL) { 1119df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "invalid moContainer for %s", urn); 1120df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1121df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1122df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return mo; 1123df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 1124df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1125df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1126df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtstatic xml_node_t * spp_exec_upload_mo(struct hs20_svc *ctx, 1127df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *session_id, const char *urn) 1128df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt{ 1129df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_namespace_t *ns; 1130df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_t *spp_node, *node, *exec_node; 1131df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1132df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt spp_node = build_post_dev_data_response(ctx, &ns, session_id, "OK", 1133df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt NULL); 1134df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (spp_node == NULL) 1135df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 1136df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1137df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt exec_node = xml_node_create(ctx->xml, spp_node, ns, "exec"); 1138df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1139df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt node = xml_node_create(ctx->xml, exec_node, ns, "uploadMO"); 1140df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_add_attr(ctx->xml, node, ns, "moURN", urn); 1141df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1142df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return 
spp_node; 1143df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 1144df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1145df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1146df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtstatic xml_node_t * hs20_subscription_registration(struct hs20_svc *ctx, 1147df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *realm, 1148df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *session_id, 1149df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *redirect_uri) 1150df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt{ 1151df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_namespace_t *ns; 1152df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_t *spp_node, *exec_node; 1153df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char uri[300], *val; 1154df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1155df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (db_add_session(ctx, NULL, realm, session_id, NULL, redirect_uri, 1156df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt SUBSCRIPTION_REGISTRATION) < 0) 1157df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 1158df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt val = db_get_osu_config_val(ctx, realm, "signup_url"); 1159df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (val == NULL) 1160df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 1161df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1162df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt spp_node = build_post_dev_data_response(ctx, &ns, session_id, "OK", 1163df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt NULL); 1164df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (spp_node == NULL) 1165df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 1166df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1167df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt exec_node = 
xml_node_create(ctx->xml, spp_node, ns, "exec"); 1168df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1169df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt snprintf(uri, sizeof(uri), "%s%s", val, session_id); 1170df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt os_free(val); 1171df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_create_text(ctx->xml, exec_node, ns, "launchBrowserToURI", 1172df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt uri); 1173df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return spp_node; 1174df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 1175df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1176df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1177df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtstatic xml_node_t * hs20_user_input_remediation(struct hs20_svc *ctx, 1178df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *user, 1179df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *realm, int dmacc, 1180df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *session_id) 1181df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt{ 1182df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return build_sub_rem_resp(ctx, user, realm, session_id, 0, dmacc); 1183df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 1184df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1185df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1186df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtstatic char * db_get_osu_config_val(struct hs20_svc *ctx, const char *realm, 1187df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *field) 1188df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt{ 1189df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *cmd; 1190df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt struct get_db_field_data data; 1191df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1192df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry 
Shmidt cmd = sqlite3_mprintf("SELECT value FROM osu_config WHERE realm=%Q AND " 1193df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "field=%Q", realm, field); 1194df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (cmd == NULL) 1195df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 1196df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "DB: %s", cmd); 1197df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt memset(&data, 0, sizeof(data)); 1198df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt data.field = "value"; 1199df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (sqlite3_exec(ctx->db, cmd, get_db_field, &data, NULL) != SQLITE_OK) 1200df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt { 1201df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "DB: Could not find osu_config %s: %s", 1202df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt realm, sqlite3_errmsg(ctx->db)); 1203df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt sqlite3_free(cmd); 1204df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 1205df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1206df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt sqlite3_free(cmd); 1207df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1208df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "DB: return '%s'", data.value); 1209df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return data.value; 1210df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 1211df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1212df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1213df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtstatic xml_node_t * build_pps(struct hs20_svc *ctx, 1214df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *user, const char *realm, 1215df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *pw, const char *cert, 
1216df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt int machine_managed) 1217df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt{ 1218df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_t *pps, *c, *trust, *aaa, *aaa1, *upd, *homesp; 1219df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_t *cred, *eap, *userpw; 1220df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1221df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt pps = xml_node_create_root(ctx->xml, NULL, NULL, NULL, 1222df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "PerProviderSubscription"); 1223df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (pps == NULL) 1224df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 1225df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1226df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_text_node(ctx, pps, "UpdateIdentifier", "1"); 1227df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1228df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt c = xml_node_create(ctx->xml, pps, NULL, "Credential1"); 1229df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1230df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_text_node(ctx, c, "CredentialPriority", "1"); 1231df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1232df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt aaa = xml_node_create(ctx->xml, c, NULL, "AAAServerTrustRoot"); 1233df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt aaa1 = xml_node_create(ctx->xml, aaa, NULL, "AAA1"); 1234df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_text_node_conf(ctx, realm, aaa1, "CertURL", 1235df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "aaa_trust_root_cert_url"); 1236df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_text_node_conf(ctx, realm, aaa1, "CertSHA256Fingerprint", 1237df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "aaa_trust_root_cert_fingerprint"); 1238df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry 
Shmidt 1239df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt upd = xml_node_create(ctx->xml, c, NULL, "SubscriptionUpdate"); 1240df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_text_node(ctx, upd, "UpdateInterval", "4294967295"); 1241df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_text_node(ctx, upd, "UpdateMethod", "ClientInitiated"); 1242df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_text_node(ctx, upd, "Restriction", "HomeSP"); 1243df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_text_node_conf(ctx, realm, upd, "URI", "spp_http_auth_url"); 1244df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt trust = xml_node_create(ctx->xml, upd, NULL, "TrustRoot"); 1245df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_text_node_conf(ctx, realm, trust, "CertURL", "trust_root_cert_url"); 1246df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_text_node_conf(ctx, realm, trust, "CertSHA256Fingerprint", 1247df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "trust_root_cert_fingerprint"); 1248df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1249df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt homesp = xml_node_create(ctx->xml, c, NULL, "HomeSP"); 1250df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_text_node_conf(ctx, realm, homesp, "FriendlyName", "friendly_name"); 1251df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_text_node_conf(ctx, realm, homesp, "FQDN", "fqdn"); 1252df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1253df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_create(ctx->xml, c, NULL, "SubscriptionParameters"); 1254df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1255df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt cred = xml_node_create(ctx->xml, c, NULL, "Credential"); 1256df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt add_creation_date(ctx, cred); 1257df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (cert) { 
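		xml_node_t *dc;
		dc = xml_node_create(ctx->xml, cred, NULL,
				     "DigitalCertificate");
		add_text_node(ctx, dc, "CertificateType", "x509v3");
		add_text_node(ctx, dc, "CertSHA256Fingerprint", cert);
	} else {
		userpw = build_username_password(ctx, cred, user, pw);
		add_text_node(ctx, userpw, "MachineManaged",
			      machine_managed ? "TRUE" : "FALSE");
		eap = xml_node_create(ctx->xml, userpw, NULL, "EAPMethod");
		add_text_node(ctx, eap, "EAPType", "21");
		add_text_node(ctx, eap, "InnerMethod", "MS-CHAP-V2");
	}
	add_text_node(ctx, cred, "Realm", realm);

	return pps;
}


/*
 * Build an sppPostDevDataResponse ("OK") carrying an exec/getCertificate
 * command that tells the client to enroll a certificate with EST.
 *
 * ctx:        server context (XML context and database access)
 * session_id: session identifier used in the response and as the key under
 *             which the generated password is stored
 * user:       value sent to the client as estUserID
 * realm:      realm used to look up the "est_url" OSU configuration value
 *
 * Returns the response node (owned by the caller) or NULL on failure.
 *
 * A fresh password is generated with new_password(), sent Base64-encoded in
 * estPassword and written to the session with db_update_session_password().
 * Base64 is an encoding, not protection: the EST password is only as
 * confidential as the transport that carries this response.
 */
static xml_node_t * spp_exec_get_certificate(struct hs20_svc *ctx,
					     const char *session_id,
					     const char *user,
					     const char *realm)
{
	xml_namespace_t *ns;
	xml_node_t *spp_node, *enroll, *exec_node;
	char *est_url;
	/* presumably 10 characters plus NUL; confirm against new_password() */
	char password[11];
	char *b64;

	if (new_password(password, sizeof(password)) < 0)
		return NULL;

	spp_node = build_post_dev_data_response(ctx, &ns, session_id, "OK",
						NULL);
	if (spp_node == NULL)
		return NULL;

	exec_node = xml_node_create(ctx->xml, spp_node, ns, "exec");

	enroll = xml_node_create(ctx->xml, exec_node, ns, "getCertificate");
	xml_node_add_attr(ctx->xml, enroll, NULL, "enrollmentProtocol", "EST");

	/*
	 * A missing "est_url" setting is sent as an empty enrollmentServerURI
	 * instead of being treated as an error.
	 */
	est_url = db_get_osu_config_val(ctx, realm, "est_url");
	xml_node_create_text(ctx->xml, enroll, ns, "enrollmentServerURI",
			     est_url ? est_url : "");
	os_free(est_url);
	xml_node_create_text(ctx->xml, enroll, ns, "estUserID", user);

	b64 = (char *) base64_encode((unsigned char *) password,
				     strlen(password), NULL);
	if (b64 == NULL) {
		xml_node_free(ctx->xml, spp_node);
		return NULL;
	}
	xml_node_create_text(ctx->xml, enroll, ns, "estPassword", b64);
	free(b64);

	/*
	 * NOTE(review): the result of this call is not checked, so a failed
	 * store would leave the client holding a password the server never
	 * recorded - confirm how db_update_session_password() reports errors.
	 * NOTE(review): password[] is left on the stack on return; consider
	 * wiping it with a clear the compiler cannot elide.
	 */
	db_update_session_password(ctx, user, realm, session_id, password);

	return spp_node;
}


/*
 * Finish (or continue) a subscription registration session.
 *
 * ctx:             server context
 * session_id:      session whose stored values drive the registration
 * enrollment_done: non-zero once certificate enrollment has completed
 *
 * Returns the sppPostDevDataResponse to send (owned by the caller) or NULL
 * on failure.
 *
 * The user, realm, password, machine_managed, type and cert values are read
 * from the session. The lookups pass NULL for user and realm, so as far as
 * these calls show the session is selected by session_id alone.
 * NOTE(review): that makes session_id the only binding to the stored
 * credential here - confirm it is unguessable and that sessions expire.
 *
 * For a "cert" session that has not enrolled yet, the EST enrollment
 * command is returned instead. Otherwise a PerProviderSubscription MO is
 * built, stored for the session and returned in an addMO element.
 */
static xml_node_t * hs20_user_input_registration(struct hs20_svc *ctx,
						 const char *session_id,
						 int enrollment_done)
{
	xml_namespace_t *ns;
	xml_node_t *spp_node = NULL, *ret = NULL, *node;
	xml_node_t *pps, *tnds;
	char buf[400];
	char *str;
	char *user, *realm, *pw, *type, *mm;
	const char *status;
	int cert = 0;
	int machine_managed = 0;
	char *fingerprint;

	user = db_get_session_val(ctx, NULL, NULL, session_id, "user");
	realm = db_get_session_val(ctx, NULL, NULL, session_id, "realm");
	pw = db_get_session_val(ctx, NULL, NULL, session_id, "password");

	if (!user || !realm || !pw) {
		debug_print(ctx, 1, "Could not find session info from DB for "
			    "the new subscription");
		goto out;
	}

	mm = db_get_session_val(ctx, NULL, NULL, session_id, "machine_managed");
	if (mm && atoi(mm))
		machine_managed = 1;
	free(mm);

	type = db_get_session_val(ctx, NULL, NULL, session_id, "type");
	if (type && strcmp(type, "cert") == 0)
		cert = 1;
	free(type);

	if (cert && !enrollment_done) {
		hs20_eventlog(ctx, user, realm, session_id,
			      "request client certificate enrollment", NULL);
		ret = spp_exec_get_certificate(ctx, session_id, user, realm);
		goto out;
	}

	if (!cert && strlen(pw) == 0) {
		/* No password in the session: generate one for the device */
		machine_managed = 1;
		free(pw);
		pw = malloc(11);
		if (pw == NULL || new_password(pw, 11) < 0)
			goto out;
	}

	status = "Provisioning complete, request sppUpdateResponse";
	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
						NULL);
	if (spp_node == NULL)
		goto out; /* user, realm and pw used to leak on this path */

	fingerprint = db_get_session_val(ctx, NULL, NULL, session_id, "cert");
	pps = build_pps(ctx, user, realm, pw, fingerprint, machine_managed);
	free(fingerprint);
	if (!pps)
		goto out;

	debug_print(ctx, 1, "Request DB subscription registration on success "
		    "notification");
	if (machine_managed) {
		db_update_session_password(ctx, user, realm, session_id, pw);
		db_update_session_machine_managed(ctx, user, realm, session_id,
						  machine_managed);
	}
	db_add_session_pps(ctx, user, realm, session_id, pps);

	/*
	 * NOTE(review): in the username/password case pps is built from pw,
	 * so whatever hs20_eventlog_node() records presumably includes the
	 * credential - confirm that the event log is access-controlled.
	 */
	hs20_eventlog_node(ctx, user, realm, session_id,
			   "new subscription", pps);

	tnds = mo_to_tnds(ctx->xml, pps, 0, URN_HS20_PPS, NULL);
	xml_node_free(ctx->xml, pps);
	if (!tnds)
		goto out;

	str = xml_node_to_str(ctx->xml, tnds);
	xml_node_free(ctx->xml, tnds);
	if (str == NULL)
		goto out;

	node = xml_node_create_text(ctx->xml, spp_node, ns, "addMO", str);
	free(str);
	snprintf(buf, sizeof(buf), "./Wi-Fi/%s/PerProviderSubscription", realm);
	xml_node_add_attr(ctx->xml, node, ns, "managementTreeURI", buf);
	xml_node_add_attr(ctx->xml, node, ns, "moURN", URN_HS20_PPS);

	ret = spp_node;

out:
	/* Single exit: drop a half-built response and the session strings */
	if (ret == NULL && spp_node != NULL)
		xml_node_free(ctx->xml, spp_node);
	free(user);
	free(realm);
	free(pw);
	return ret;
}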
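

/*
 * Build the response that replaces the client's credential with the
 * realm's free/public account.
 *
 * ctx:        server context
 * user:       user name, used here only for the event log entry
 * realm:      realm whose "free_account" setting names the account
 * session_id: session identifier placed in the response and the event log
 *
 * Returns the sppPostDevDataResponse (owned by the caller) or NULL on
 * failure.
 *
 * NOTE(review): cred is built from the free account's password and is
 * passed to hs20_eventlog_node(), so the event log presumably ends up
 * holding that credential - confirm that the log is access-controlled.
 */
static xml_node_t * hs20_user_input_free_remediation(struct hs20_svc *ctx,
						     const char *user,
						     const char *realm,
						     const char *session_id)
{
	xml_namespace_t *ns;
	xml_node_t *spp_node;
	xml_node_t *cred;
	char buf[400];
	const char *status;
	char *free_account, *pw;

	free_account = db_get_osu_config_val(ctx, realm, "free_account");
	if (free_account == NULL)
		return NULL;
	pw = db_get_val(ctx, free_account, realm, "password", 0);
	if (pw == NULL) {
		free(free_account);
		return NULL;
	}

	cred = build_credential_pw(ctx, free_account, realm, pw);
	free(free_account);
	free(pw);
	if (!cred)
		return NULL; /* nothing was built, so nothing to release */

	status = "Remediation complete, request sppUpdateResponse";
	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
						NULL);
	if (spp_node == NULL) {
		xml_node_free(ctx->xml, cred);
		return NULL;
	}

	snprintf(buf, sizeof(buf),
		 "./Wi-Fi/%s/PerProviderSubscription/Credential1/Credential",
		 realm);

	if (add_update_node(ctx, spp_node, ns, buf, cred) < 0) {
		/*
		 * cred is still owned here: the success path below logs and
		 * frees it after add_update_node() returns, so it has to be
		 * released on failure as well.
		 */
		xml_node_free(ctx->xml, cred);
		xml_node_free(ctx->xml, spp_node);
		return NULL;
	}

	hs20_eventlog_node(ctx, user, realm, session_id,
			   "free/public remediation", cred);
	xml_node_free(ctx->xml, cred);

	return spp_node;
}


/*
 * Continue a session after the user has completed the input step.
 *
 * The stored "operation" value of the session selects the handler: user
 * remediation, free remediation or subscription registration. atoi() turns
 * non-numeric text into 0 (NO_OPERATION), which takes the rejection path.
 *
 * Returns the handler's response node, or NULL when the session is missing
 * or is not in one of those three states.
 */
static xml_node_t * hs20_user_input_complete(struct hs20_svc *ctx,
					     const char *user,
					     const char *realm, int dmacc,
					     const char *session_id)
{
	char *val;
	enum hs20_session_operation oper;

	val = db_get_session_val(ctx, user, realm, session_id, "operation");
	if (val == NULL) {
		debug_print(ctx, 1, "No session %s found to continue",
			    session_id);
		return NULL;
	}
	oper = atoi(val);
	free(val);

	switch (oper) {
	case USER_REMEDIATION:
		return hs20_user_input_remediation(ctx, user, realm, dmacc,
						   session_id);
	case FREE_REMEDIATION:
		return hs20_user_input_free_remediation(ctx, user, realm,
							session_id);
	case SUBSCRIPTION_REGISTRATION:
		return hs20_user_input_registration(ctx, session_id, 0);
	default:
		break;
	}

	debug_print(ctx, 1, "User session %s not in state for user input "
		    "completion", session_id);
	return NULL;
}


/*
 * Continue a registration session after certificate enrollment succeeded.
 *
 * Only a session whose stored operation is SUBSCRIPTION_REGISTRATION is
 * accepted; registration is then resumed with enrollment_done set. dmacc is
 * not used by this function.
 *
 * Returns the response node, or NULL when the session is missing or is in
 * another state.
 */
static xml_node_t * hs20_cert_enroll_completed(struct hs20_svc *ctx,
					       const char *user,
					       const char *realm, int dmacc,
					       const char *session_id)
{
	char *val;
	enum hs20_session_operation oper;

	val = db_get_session_val(ctx, user, realm, session_id, "operation");
	if (val == NULL) {
		debug_print(ctx, 1, "No session %s found to continue",
			    session_id);
		return NULL;
	}
	oper = atoi(val);
	free(val);

	if (oper != SUBSCRIPTION_REGISTRATION) {
		debug_print(ctx, 1, "User session %s not in state for certificate "
			    "enrollment completion", session_id);
		return NULL;
	}

	return hs20_user_input_registration(ctx, session_id, 1);
}


/*
 * Report a failed certificate enrollment and drop the session.
 *
 * Only a session whose stored operation is SUBSCRIPTION_REGISTRATION is
 * accepted. The response has the status "Error occurred" and an sppError
 * element; the session is removed with db_remove_session(). dmacc is not
 * used by this function.
 *
 * Returns the error response node, or NULL when the session is missing, is
 * in another state, or the response cannot be built.
 */
static xml_node_t * hs20_cert_enroll_failed(struct hs20_svc *ctx,
					    const char *user,
					    const char *realm, int dmacc,
					    const char *session_id)
{
	char *val;
	enum hs20_session_operation oper;
	xml_node_t *spp_node, *node;
	const char *status;
	xml_namespace_t *ns;

	val = db_get_session_val(ctx, user, realm, session_id, "operation");
	if (val == NULL) {
		debug_print(ctx, 1, "No session %s found to continue",
			    session_id);
		return NULL;
	}
	oper = atoi(val);
	free(val);

	if (oper != SUBSCRIPTION_REGISTRATION) {
		debug_print(ctx, 1, "User session %s not in state for "
			    "enrollment failure", session_id);
		return NULL;
	}

	status = "Error occurred";
	spp_node = build_post_dev_data_response(ctx, &ns, session_id, status,
						NULL);
	if (spp_node == NULL)
		return NULL;
	node = xml_node_create(ctx->xml, spp_node, ns, "sppError");
	xml_node_add_attr(ctx->xml, node, NULL, "errorCode",
			  "Credentials cannot be provisioned at this time");
	db_remove_session(ctx, user, realm, session_id);

	return spp_node;
}


static xml_node_t * hs20_spp_post_dev_data(struct hs20_svc *ctx,
					   xml_node_t *node,
					   const char *user,
					   const char *realm,
					   const char *session_id,
					   int dmacc)
{
	const char *req_reason;
	char *redirect_uri = NULL;
	char *req_reason_buf = NULL;
	char str[200];
	xml_node_t *ret = NULL, *devinfo = NULL, *devdetail = NULL;
	xml_node_t *mo;
	char *version;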
1611df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt int valid; 1612df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *supp, *pos; 1613df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *err; 1614df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1615df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt version = xml_node_get_attr_value_ns(ctx->xml, node, SPP_NS_URI, 1616df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "sppVersion"); 1617df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (version == NULL || strstr(version, "1.0") == NULL) { 1618df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = build_post_dev_data_response( 1619df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ctx, NULL, session_id, "Error occurred", 1620df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "SPP version not supported"); 1621df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1622df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Unsupported sppVersion", ret); 1623df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_get_attr_value_free(ctx->xml, version); 1624df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return ret; 1625df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1626df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_get_attr_value_free(ctx->xml, version); 1627df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1628df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt mo = get_node(ctx->xml, node, "supportedMOList"); 1629df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (mo == NULL) { 1630df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = build_post_dev_data_response( 1631df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ctx, NULL, session_id, "Error occurred", 1632df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Other"); 1633df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, 
realm, session_id, 1634df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "No supportedMOList element", ret); 1635df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return ret; 1636df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1637df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt supp = xml_node_get_text(ctx->xml, mo); 1638df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt for (pos = supp; pos && *pos; pos++) 1639df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt *pos = tolower(*pos); 1640df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (supp == NULL || 1641df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt strstr(supp, URN_OMA_DM_DEVINFO) == NULL || 1642df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt strstr(supp, URN_OMA_DM_DEVDETAIL) == NULL || 1643df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt strstr(supp, URN_HS20_PPS) == NULL) { 1644df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_get_text_free(ctx->xml, supp); 1645df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = build_post_dev_data_response( 1646df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ctx, NULL, session_id, "Error occurred", 1647df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "One or more mandatory MOs not supported"); 1648df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1649df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Unsupported MOs", ret); 1650df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return ret; 1651df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1652df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_get_text_free(ctx->xml, supp); 1653df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1654df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt req_reason_buf = xml_node_get_attr_value(ctx->xml, node, 1655df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "requestReason"); 
1656df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (req_reason_buf == NULL) { 1657df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "No requestReason attribute"); 1658df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return NULL; 1659df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1660df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt req_reason = req_reason_buf; 1661df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1662df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt redirect_uri = xml_node_get_attr_value(ctx->xml, node, "redirectURI"); 1663df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1664df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "requestReason: %s sessionID: %s redirectURI: %s", 1665df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt req_reason, session_id, redirect_uri); 1666df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt snprintf(str, sizeof(str), "sppPostDevData: requestReason=%s", 1667df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt req_reason); 1668df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog(ctx, user, realm, session_id, str, NULL); 1669df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1670df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt devinfo = spp_get_mo(ctx, node, URN_OMA_DM_DEVINFO, &valid, &err); 1671df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (devinfo == NULL) { 1672df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = build_post_dev_data_response(ctx, NULL, session_id, 1673df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Error occurred", "Other"); 1674df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1675df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "No DevInfo moContainer in sppPostDevData", 1676df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret); 1677df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 
os_free(err); 1678df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1679df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1680df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1681df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1682df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Received DevInfo MO", devinfo); 1683df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (valid == 0) { 1684df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog(ctx, user, realm, session_id, 1685df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "OMA-DM DDF DTD validation errors in DevInfo MO", 1686df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt err); 1687df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = build_post_dev_data_response(ctx, NULL, session_id, 1688df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Error occurred", "Other"); 1689df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt os_free(err); 1690df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1691df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1692df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt os_free(err); 1693df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (user) 1694df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt db_update_mo(ctx, user, realm, "devinfo", devinfo); 1695df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1696df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt devdetail = spp_get_mo(ctx, node, URN_OMA_DM_DEVDETAIL, &valid, &err); 1697df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (devdetail == NULL) { 1698df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = build_post_dev_data_response(ctx, NULL, session_id, 1699df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Error occurred", "Other"); 1700df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 
1701df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "No DevDetail moContainer in sppPostDevData", 1702df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret); 1703df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt os_free(err); 1704df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1705df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1706df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1707df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1708df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Received DevDetail MO", devdetail); 1709df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (valid == 0) { 1710df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog(ctx, user, realm, session_id, 1711df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "OMA-DM DDF DTD validation errors " 1712df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "in DevDetail MO", err); 1713df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = build_post_dev_data_response(ctx, NULL, session_id, 1714df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Error occurred", "Other"); 1715df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt os_free(err); 1716df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1717df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1718df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt os_free(err); 1719df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (user) 1720df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt db_update_mo(ctx, user, realm, "devdetail", devdetail); 1721df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1722df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (user) 1723df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt mo = spp_get_mo(ctx, node, URN_HS20_PPS, &valid, &err); 1724df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt else { 1725df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry 
Shmidt mo = NULL; 1726df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt err = NULL; 1727df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1728df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (user && mo) { 1729df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1730df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Received PPS MO", mo); 1731df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (valid == 0) { 1732df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog(ctx, user, realm, session_id, 1733df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "OMA-DM DDF DTD validation errors " 1734df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "in PPS MO", err); 1735df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_get_attr_value_free(ctx->xml, redirect_uri); 1736df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt os_free(err); 1737df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return build_post_dev_data_response( 1738df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ctx, NULL, session_id, 1739df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "Error occurred", "Other"); 1740df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1741df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt db_update_mo(ctx, user, realm, "pps", mo); 1742df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt db_update_val(ctx, user, realm, "fetch_pps", "0", dmacc); 1743df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_free(ctx->xml, mo); 1744df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1745df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt os_free(err); 1746df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1747df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (user && !mo) { 1748df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *fetch; 1749df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt int fetch_pps; 
1750df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1751df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt fetch = db_get_val(ctx, user, realm, "fetch_pps", dmacc); 1752df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt fetch_pps = fetch ? atoi(fetch) : 0; 1753df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt free(fetch); 1754df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1755df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (fetch_pps) { 1756df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt enum hs20_session_operation oper; 1757df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (strcasecmp(req_reason, "Subscription remediation") 1758df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt == 0) 1759df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt oper = CONTINUE_SUBSCRIPTION_REMEDIATION; 1760df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt else if (strcasecmp(req_reason, "Policy update") == 0) 1761df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt oper = CONTINUE_POLICY_UPDATE; 1762df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt else 1763df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt oper = NO_OPERATION; 1764df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (db_add_session(ctx, user, realm, session_id, NULL, 1765df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt NULL, oper) < 0) 1766df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1767df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1768df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = spp_exec_upload_mo(ctx, session_id, 1769df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt URN_HS20_PPS); 1770df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1771df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "request PPS MO upload", 1772df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret); 1773df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 
1774df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1775df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1776df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1777df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (user && strcasecmp(req_reason, "MO upload") == 0) { 1778df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *val = db_get_session_val(ctx, user, realm, session_id, 1779df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "operation"); 1780df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt enum hs20_session_operation oper; 1781df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (!val) { 1782df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "No session %s found to continue", 1783df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt session_id); 1784df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1785df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1786df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt oper = atoi(val); 1787df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt free(val); 1788df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (oper == CONTINUE_SUBSCRIPTION_REMEDIATION) 1789df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt req_reason = "Subscription remediation"; 1790df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt else if (oper == CONTINUE_POLICY_UPDATE) 1791df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt req_reason = "Policy update"; 1792df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt else { 1793df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, 1794df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "No pending operation in session %s", 1795df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt session_id); 1796df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1797df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1798df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 
1799df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1800df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (strcasecmp(req_reason, "Subscription registration") == 0) { 1801df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = hs20_subscription_registration(ctx, realm, session_id, 1802df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt redirect_uri); 1803df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1804df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "subscription registration response", 1805df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret); 1806df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1807df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1808df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (user && strcasecmp(req_reason, "Subscription remediation") == 0) { 1809df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = hs20_subscription_remediation(ctx, user, realm, 1810df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt session_id, dmacc, 1811df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt redirect_uri); 1812df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1813df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "subscription remediation response", 1814df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret); 1815df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1816df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1817df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (user && strcasecmp(req_reason, "Policy update") == 0) { 1818df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = hs20_policy_update(ctx, user, realm, session_id, dmacc); 1819df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1820df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "policy update response", 
1821df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret); 1822df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1823df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1824df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1825df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (strcasecmp(req_reason, "User input completed") == 0) { 18269839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt db_add_session_devinfo(ctx, session_id, devinfo); 18279839ecd75c832023d4d13fd2917a8c28261ff668Dmitry Shmidt db_add_session_devdetail(ctx, session_id, devdetail); 1828df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = hs20_user_input_complete(ctx, user, realm, dmacc, 1829df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt session_id); 1830df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1831df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "user input completed response", ret); 1832df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1833df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1834df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1835df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (strcasecmp(req_reason, "Certificate enrollment completed") == 0) { 1836df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = hs20_cert_enroll_completed(ctx, user, realm, dmacc, 1837df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt session_id); 1838df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1839df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "certificate enrollment response", ret); 1840df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1841df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1842df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1843df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (strcasecmp(req_reason, "Certificate enrollment failed") == 0) { 
1844df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = hs20_cert_enroll_failed(ctx, user, realm, dmacc, 1845df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt session_id); 1846df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog_node(ctx, user, realm, session_id, 1847df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "certificate enrollment failed response", 1848df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret); 1849df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1850df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1851df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1852df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "Unsupported requestReason '%s' user '%s'", 1853df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt req_reason, user); 1854df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtout: 1855df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_get_attr_value_free(ctx->xml, req_reason_buf); 1856df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_get_attr_value_free(ctx->xml, redirect_uri); 1857df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (devinfo) 1858df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_free(ctx->xml, devinfo); 1859df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (devdetail) 1860df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_free(ctx->xml, devdetail); 1861df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return ret; 1862df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 1863df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1864df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1865df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtstatic xml_node_t * build_spp_exchange_complete(struct hs20_svc *ctx, 1866df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *session_id, 1867df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *status, 
1868df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt const char *error_code) 1869df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt{ 1870df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_namespace_t *ns; 1871df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_t *spp_node, *node; 1872df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1873df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt spp_node = xml_node_create_root(ctx->xml, SPP_NS_URI, "spp", &ns, 1874df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "sppExchangeComplete"); 1875df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1876df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1877df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_add_attr(ctx->xml, spp_node, ns, "sppVersion", "1.0"); 1878df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_add_attr(ctx->xml, spp_node, ns, "sessionID", session_id); 1879df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_add_attr(ctx->xml, spp_node, ns, "sppStatus", status); 1880df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1881df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (error_code) { 1882df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt node = xml_node_create(ctx->xml, spp_node, ns, "sppError"); 1883df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt xml_node_add_attr(ctx->xml, node, NULL, "errorCode", 1884df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt error_code); 1885df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1886df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1887df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt return spp_node; 1888df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt} 1889df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1890df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1891df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidtstatic int add_subscription(struct hs20_svc *ctx, const char *session_id) 
1892df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt{ 1893df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *user, *realm, *pw, *pw_mm, *pps, *str; 1894df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *sql; 1895df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt int ret = -1; 1896df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *free_account; 1897df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt int free_acc; 1898df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *type; 1899df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt int cert = 0; 1900df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt char *cert_pem, *fingerprint; 1901df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1902df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt user = db_get_session_val(ctx, NULL, NULL, session_id, "user"); 1903df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt realm = db_get_session_val(ctx, NULL, NULL, session_id, "realm"); 1904df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt pw = db_get_session_val(ctx, NULL, NULL, session_id, "password"); 1905df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt pw_mm = db_get_session_val(ctx, NULL, NULL, session_id, 1906df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "machine_managed"); 1907df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt pps = db_get_session_val(ctx, NULL, NULL, session_id, "pps"); 1908df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt cert_pem = db_get_session_val(ctx, NULL, NULL, session_id, "cert_pem"); 1909df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt fingerprint = db_get_session_val(ctx, NULL, NULL, session_id, "cert"); 1910df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt type = db_get_session_val(ctx, NULL, NULL, session_id, "type"); 1911df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (type && strcmp(type, "cert") == 0) 1912df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt cert = 1; 
1913df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt free(type); 1914df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1915df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (!user || !realm || !pw) { 1916df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "Could not find session info from DB for " 1917df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "the new subscription"); 1918df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1919df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1920df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1921df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt free_account = db_get_osu_config_val(ctx, realm, "free_account"); 1922df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt free_acc = free_account && strcmp(free_account, user) == 0; 1923df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt free(free_account); 1924df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1925df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, 1926df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "New subscription: user='%s' realm='%s' free_acc=%d", 1927df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt user, realm, free_acc); 1928df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "New subscription: pps='%s'", pps); 1929df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1930df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt sql = sqlite3_mprintf("UPDATE eventlog SET user=%Q, realm=%Q WHERE " 1931df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "sessionid=%Q AND (user='' OR user IS NULL)", 1932df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt user, realm, session_id); 1933df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (sql) { 1934df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "DB: %s", sql); 1935df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (sqlite3_exec(ctx->db, sql, 
NULL, NULL, NULL) != SQLITE_OK) { 1936df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "Failed to update eventlog in " 1937df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "sqlite database: %s", 1938df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt sqlite3_errmsg(ctx->db)); 1939df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1940df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt sqlite3_free(sql); 1941df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1942df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1943df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (free_acc) { 1944df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt hs20_eventlog(ctx, user, realm, session_id, 1945df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "completed shared free account registration", 1946df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt NULL); 1947df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = 0; 1948df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1949df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1950df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1951df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt sql = sqlite3_mprintf("INSERT INTO users(identity,realm,phase2," 1952df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "methods,cert,cert_pem,machine_managed) VALUES " 1953df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "(%Q,%Q,1,%Q,%Q,%Q,%d)", 1954df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt user, realm, cert ? "TLS" : "TTLS-MSCHAPV2", 1955df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt fingerprint ? fingerprint : "", 1956df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt cert_pem ? cert_pem : "", 1957df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt pw_mm && atoi(pw_mm) ? 
1 : 0); 1958df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (sql == NULL) 1959df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1960df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "DB: %s", sql); 1961df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (sqlite3_exec(ctx->db, sql, NULL, NULL, NULL) != SQLITE_OK) { 1962df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "Failed to add user in sqlite database: %s", 1963df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt sqlite3_errmsg(ctx->db)); 1964df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt sqlite3_free(sql); 1965df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt goto out; 1966df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 1967df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt sqlite3_free(sql); 1968df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt 1969df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (cert) 1970df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = 0; 1971df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt else 1972df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt ret = update_password(ctx, user, realm, pw, 0); 1973df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (ret < 0) { 1974df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt sql = sqlite3_mprintf("DELETE FROM users WHERE identity=%Q AND " 1975df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt "realm=%Q AND phase2=1", 1976df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt user, realm); 1977df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt if (sql) { 1978df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt debug_print(ctx, 1, "DB: %s", sql); 1979df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt sqlite3_exec(ctx->db, sql, NULL, NULL, NULL); 1980df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt sqlite3_free(sql); 1981df5a7e4c5c64890c2425bb47d665bbce4992b676Dmitry Shmidt } 
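}

	if (pps)
		db_update_mo_str(ctx, user, realm, "pps", pps);

	str = db_get_session_val(ctx, NULL, NULL, session_id, "devinfo");
	if (str) {
		db_update_mo_str(ctx, user, realm, "devinfo", str);
		free(str);
	}

	str = db_get_session_val(ctx, NULL, NULL, session_id, "devdetail");
	if (str) {
		db_update_mo_str(ctx, user, realm, "devdetail", str);
		free(str);
	}

	if (ret == 0) {
		hs20_eventlog(ctx, user, realm, session_id,
			      "completed subscription registration", NULL);
	}

out:
	free(user);
	free(realm);
	free(pw);
	free(pw_mm);
	free(pps);
	free(cert_pem);
	free(fingerprint);
	return ret;
}


/**
 * hs20_spp_update_response - Handle an sppUpdateResponse message
 * @ctx: Server context (provides the XML context and the database handle)
 * @node: Root node of the received sppUpdateResponse
 * @user: Authenticated user name (may be NULL)
 * @realm: Authenticated realm (may be NULL)
 * @session_id: sessionID the message belongs to
 * @dmacc: Passed through to the user database helpers
 * Returns: Response node, or NULL if the sppStatus attribute is missing or no
 *	password is stored for a pending password update
 *
 * The operation recorded for the session decides what is committed when the
 * client reports sppStatus "OK": a password update, a subscription
 * registration, or clearing of a pending "policy" remediation. Every return
 * path after the sppStatus check removes the session row.
 */
static xml_node_t * hs20_spp_update_response(struct hs20_svc *ctx,
					     xml_node_t *node,
					     const char *user,
					     const char *realm,
					     const char *session_id,
					     int dmacc)
{
	char *status;
	xml_node_t *ret;
	char *val;
	enum hs20_session_operation oper;

	status = xml_node_get_attr_value_ns(ctx->xml, node, SPP_NS_URI,
					    "sppStatus");
	if (status == NULL) {
		debug_print(ctx, 1, "No sppStatus attribute");
		return NULL;
	}

	debug_print(ctx, 1, "sppUpdateResponse: sppStatus: %s sessionID: %s",
		    status, session_id);

	/*
	 * The pending operation comes from the server-side session row that
	 * is looked up with user, realm and sessionID; it is not taken from
	 * the message.
	 */
	val = db_get_session_val(ctx, user, realm, session_id, "operation");
	if (!val) {
		debug_print(ctx, 1,
			    "No session active for user: %s sessionID: %s",
			    user, session_id);
		oper = NO_OPERATION;
	} else {
		oper = atoi(val);
		free(val); /* was leaked on every call */
	}

	if (strcasecmp(status, "OK") == 0) {
		char *new_pw = NULL;

		xml_node_get_attr_value_free(ctx->xml, status);

		if (oper == USER_REMEDIATION) {
			new_pw = db_get_session_val(ctx, user, realm,
						    session_id, "password");
			if (new_pw == NULL || strlen(new_pw) == 0) {
				free(new_pw);
				ret = build_spp_exchange_complete(
					ctx, session_id, "Error occurred",
					"Other");
				hs20_eventlog_node(ctx, user, realm,
						   session_id, "No password "
						   "had been assigned for "
						   "session", ret);
				db_remove_session(ctx, user, realm, session_id);
				return ret;
			}
			oper = UPDATE_PASSWORD;
		}
		if (oper == UPDATE_PASSWORD) {
			if (!new_pw) {
				/*
				 * NOTE(review): unlike the USER_REMEDIATION
				 * path above, an empty string is accepted
				 * here and would be stored as the password -
				 * confirm whether that is intended.
				 */
				new_pw = db_get_session_val(ctx, user, realm,
							    session_id,
							    "password");
				if (!new_pw) {
					db_remove_session(ctx, user, realm,
							  session_id);
					return NULL;
				}
			}
			debug_print(ctx, 1, "Update user '%s' password in DB",
				    user);
			/*
			 * new_pw is a heap copy of the new credential and was
			 * never released. The free() calls below assume that
			 * update_password() (defined earlier in this file)
			 * only reads the string. NOTE(review): free() does
			 * not clear the bytes; wipe the buffer first if this
			 * tree has a helper the compiler cannot elide.
			 */
			if (update_password(ctx, user, realm, new_pw, dmacc) <
			    0) {
				free(new_pw);
				debug_print(ctx, 1, "Failed to update user "
					    "'%s' password in DB", user);
				ret = build_spp_exchange_complete(
					ctx, session_id, "Error occurred",
					"Other");
				hs20_eventlog_node(ctx, user, realm,
						   session_id, "Failed to "
						   "update database", ret);
				db_remove_session(ctx, user, realm, session_id);
				return ret;
			}
			free(new_pw);
			new_pw = NULL;
			hs20_eventlog(ctx, user, realm,
				      session_id, "Updated user password "
				      "in database", NULL);
		}
		if (oper == SUBSCRIPTION_REGISTRATION) {
			if (add_subscription(ctx, session_id) < 0) {
				debug_print(ctx, 1, "Failed to add "
					    "subscription into DB");
				ret = build_spp_exchange_complete(
					ctx, session_id, "Error occurred",
					"Other");
				hs20_eventlog_node(ctx, user, realm,
						   session_id, "Failed to "
						   "update database", ret);
				db_remove_session(ctx, user, realm, session_id);
				return ret;
			}
		}
		if (oper == POLICY_REMEDIATION || oper == POLICY_UPDATE) {
			/* Own name; the original shadowed the outer val */
			char *remediation;

			remediation = db_get_val(ctx, user, realm,
						 "remediation", dmacc);
			if (remediation && strcmp(remediation, "policy") == 0)
				db_update_val(ctx, user, realm, "remediation",
					      "", dmacc);
			free(remediation);
		}
		ret = build_spp_exchange_complete(
			ctx, session_id,
			"Exchange complete, release TLS connection", NULL);
		hs20_eventlog_node(ctx, user, realm, session_id,
				   "Exchange completed", ret);
		db_remove_session(ctx, user, realm, session_id);
		return ret;
	}

	/* Any status other than "OK" ends the exchange with an error */
	ret = build_spp_exchange_complete(ctx, session_id, "Error occurred",
					  "Other");
	hs20_eventlog_node(ctx, user, realm, session_id, "Error occurred", ret);
	db_remove_session(ctx, user, realm, session_id);
	xml_node_get_attr_value_free(ctx->xml, status);
	return ret;
}


#define SPP_SESSION_ID_LEN 16

/**
 * gen_spp_session_id - Generate a random SPP sessionID
 * Returns: Allocated string of SPP_SESSION_ID_LEN * 2 lowercase hex digits
 *	(caller frees with os_free()), or NULL on allocation failure or if
 *	the random bytes could not be read
 */
static char * gen_spp_session_id(void)
{
	FILE *f;
	int i;
	char *session;
	unsigned char rnd[SPP_SESSION_ID_LEN];
	size_t got;

	session = os_malloc(SPP_SESSION_ID_LEN * 2 + 1);
	if (session == NULL)
		return NULL;

	f = fopen("/dev/urandom", "r");
	if (f == NULL) {
		os_free(session);
		return NULL;
	}

	/*
	 * Read all bytes in one call and verify the count. The original
	 * formatted the return value of fgetc() directly, so a short read
	 * or read error (EOF == -1) was printed as "ff" and could produce a
	 * constant, guessable sessionID. Fail instead.
	 */
	got = fread(rnd, 1, sizeof(rnd), f);
	fclose(f);
	if (got != sizeof(rnd)) {
		os_free(session);
		return NULL;
	}

	for (i = 0; i < SPP_SESSION_ID_LEN; i++)
		os_snprintf(session + i * 2, 3, "%02x", rnd[i]);

	return session;
}

/**
 * hs20_spp_server_process - Validate and dispatch one SPP request
 * @ctx: Server context
 * @node: Root node of the received SPP message
 * @auth_user: Authenticated user name or NULL
 * @auth_realm: Authenticated realm or NULL
 * @dmacc: Non-zero if the caller already identified a DMAcc credential
 * Returns: Response node, or NULL if the sessionID could not be copied or
 *	generated or the operation name could not be read
 *
 * The message is checked against <root_dir>/spp/spp.xsd before any handler
 * runs. sppPostDevData and sppUpdateResponse are dispatched to their
 * handlers; any other validated message gets an SppUnknownCommandError root.
 */
xml_node_t * hs20_spp_server_process(struct hs20_svc *ctx, xml_node_t *node,
				     const char *auth_user,
				     const char *auth_realm, int dmacc)
{
	xml_node_t *ret = NULL;
	char *session_id;
	const char *op_name;
	/*
	 * Initialized so the error path below never logs or frees an
	 * indeterminate pointer. NOTE(review): xml_validate() presumably
	 * sets this on failure; it is not visible here.
	 */
	char *xml_err = NULL;
	char fname[200];

	debug_dump_node(ctx, "received request", node);

	/*
	 * If the authenticated identity is not found with dmacc == 0 but is
	 * found with dmacc == 1, continue with dmacc set.
	 */
	if (!dmacc && auth_user && auth_realm) {
		char *real;
		real = db_get_val(ctx, auth_user, auth_realm, "identity", 0);
		if (!real) {
			real = db_get_val(ctx, auth_user, auth_realm,
					  "identity", 1);
			if (real)
				dmacc = 1;
		}
		os_free(real);
	}

	/*
	 * NOTE(review): the snprintf() result is not checked; a root_dir
	 * that does not fit in fname[] yields a truncated schema path.
	 */
	snprintf(fname, sizeof(fname), "%s/spp/spp.xsd", ctx->root_dir);
	if (xml_validate(ctx->xml, node, fname, &xml_err) < 0) {
		/*
		 * We may not be able to extract the sessionID from invalid
		 * input, but well, we can try.
		 */
		session_id = xml_node_get_attr_value_ns(ctx->xml, node,
							SPP_NS_URI,
							"sessionID");
		debug_print(ctx, 1,
			    "SPP message failed validation, xsd file: %s xml-error: %s",
			    fname, xml_err);
		hs20_eventlog_node(ctx, auth_user, auth_realm, session_id,
				   "SPP message failed validation", node);
		hs20_eventlog(ctx, auth_user, auth_realm, session_id,
			      "Validation errors", xml_err);
		os_free(xml_err);
		xml_node_get_attr_value_free(ctx->xml, session_id);
		/* TODO: what to return here? */
		ret = xml_node_create_root(ctx->xml, NULL, NULL, NULL,
					   "SppValidationError");
		return ret;
	}

	/*
	 * A sessionID present in the request is used as is, so it is
	 * client-controlled; a new one is generated only when the request has
	 * none. hs20_spp_update_response() passes auth_user/auth_realm along
	 * with it to the session lookups. NOTE(review): confirm that every
	 * handler binds the session to the authenticated identity.
	 */
	session_id = xml_node_get_attr_value_ns(ctx->xml, node, SPP_NS_URI,
						"sessionID");
	if (session_id) {
		char *tmp;
		debug_print(ctx, 1, "Received sessionID %s", session_id);
		/* Keep a private copy that is released with os_free() below */
		tmp = os_strdup(session_id);
		xml_node_get_attr_value_free(ctx->xml, session_id);
		if (tmp == NULL)
			return NULL;
		session_id = tmp;
	} else {
		session_id = gen_spp_session_id();
		if (session_id == NULL) {
			debug_print(ctx, 1, "Failed to generate sessionID");
			return NULL;
		}
		debug_print(ctx, 1, "Generated sessionID %s", session_id);
	}

	op_name = xml_node_get_localname(ctx->xml, node);
	if (op_name == NULL) {
		debug_print(ctx, 1, "Could not get op_name");
		os_free(session_id); /* was leaked on this path */
		return NULL;
	}

	if (strcmp(op_name, "sppPostDevData") == 0) {
		hs20_eventlog_node(ctx, auth_user, auth_realm, session_id,
				   "sppPostDevData received and validated",
				   node);
		ret = hs20_spp_post_dev_data(ctx, node, auth_user, auth_realm,
					     session_id, dmacc);
	} else if (strcmp(op_name, "sppUpdateResponse") == 0) {
		hs20_eventlog_node(ctx, auth_user, auth_realm, session_id,
				   "sppUpdateResponse received and validated",
				   node);
		ret = hs20_spp_update_response(ctx, node, auth_user,
					       auth_realm, session_id, dmacc);
	} else {
		hs20_eventlog_node(ctx, auth_user, auth_realm, session_id,
				   "Unsupported SPP message received and "
				   "validated", node);
		debug_print(ctx, 1, "Unsupported operation '%s'", op_name);
		/* TODO: what to return here? */
		ret = xml_node_create_root(ctx->xml, NULL, NULL, NULL,
					   "SppUnknownCommandError");
	}
	os_free(session_id);

	if (ret == NULL) {
		/* TODO: what to return here? */
		ret = xml_node_create_root(ctx->xml, NULL, NULL, NULL,
					   "SppInternalError");
	}

	return ret;
}


/**
 * hs20_spp_server_init - Open the user database
 * @ctx: Server context; ctx->root_dir must be set, ctx->db is written
 * Returns: 0 on success, -1 on failure (ctx->db is NULL in that case)
 */
int hs20_spp_server_init(struct hs20_svc *ctx)
{
	char fname[200];
	int res;

	ctx->db = NULL;
	res = snprintf(fname, sizeof(fname), "%s/AS/DB/eap_user.db",
		       ctx->root_dir);
	/* Refuse a truncated path instead of opening a different file */
	if (res < 0 || (size_t) res >= sizeof(fname)) {
		printf("Database path too long\n");
		return -1;
	}
	if (sqlite3_open(fname, &ctx->db)) {
		printf("Failed to open sqlite database: %s\n",
		       sqlite3_errmsg(ctx->db));
		/*
		 * sqlite3_open() can hand back a handle even on failure.
		 * Close it and clear the pointer so that
		 * hs20_spp_server_deinit() does not close it a second time.
		 */
		sqlite3_close(ctx->db);
		ctx->db = NULL;
		return -1;
	}

	return 0;
}


/**
 * hs20_spp_server_deinit - Close the user database
 * @ctx: Server context; ctx->db is closed and reset to NULL
 */
void hs20_spp_server_deinit(struct hs20_svc *ctx)
{
	sqlite3_close(ctx->db);
	ctx->db = NULL;
}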