From 73d3f884183b5af45659a2451799feeeb744d0ab Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Fri, 22 Jun 2018 20:22:40 +0300
Subject: [PATCH] HS 2.0: CoA-Request from Terms and Conditions server

This extends the terms.php implementation of Hotspot 2.0 Terms and
Conditions server to allow it to interact with hostapd(AS) to clear the
filtering rules from the AP. After requesting hostapd to send out the
CoA-Request, terms.php waits for up to 10 seconds to see whether the
current_sessions table gets an update to indicate that filtering has
been successfully disabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
 hs20/server/sql.txt        | 10 ++++++++++
 hs20/server/www/config.php |  1 +
 hs20/server/www/terms.php  | 30 ++++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+)

diff --git a/hs20/server/sql.txt b/hs20/server/sql.txt
index f5a73551a..74d9f4aa2 100644
--- a/hs20/server/sql.txt
+++ b/hs20/server/sql.txt
@@ -71,3 +71,13 @@ CREATE TABLE pending_tc(
 	mac_addr TEXT PRIMARY KEY,
 	identity TEXT
 );
+
+CREATE TABLE current_sessions(
+	mac_addr TEXT PRIMARY KEY,
+	identity TEXT,
+	start_time TEXT,
+	nas TEXT,
+	hs20_t_c_filtering BOOLEAN,
+	waiting_coa_ack BOOLEAN,
+	coa_ack_received BOOLEAN
+);
diff --git a/hs20/server/www/config.php b/hs20/server/www/config.php
index 830aa931f..4272b102a 100644
--- a/hs20/server/www/config.php
+++ b/hs20/server/www/config.php
@@ -3,4 +3,5 @@ $osu_root = "/home/user/hs20-server";
 $osu_db = "sqlite:$osu_root/AS/DB/eap_user.db";
 $t_c_file = "$osu_root/terms-and-conditions";
 $t_c_timestamp = 123456789;
+$hostapd_ctrl = "udg:///home/user/hs20-server/AS/ctrl/as"
 ?>
diff --git a/hs20/server/www/terms.php b/hs20/server/www/terms.php
index 99747a295..e360be5f4 100644
--- a/hs20/server/www/terms.php
+++ b/hs20/server/www/terms.php
@@ -41,6 +41,36 @@ if (!$accept) {
 
       echo "<p>Terms and conditions were accepted.</p>";
    }
+
+   $fp = fsockopen($hostapd_ctrl);
+   if (!$fp) {
+      die("Could not connect to hostapd(AS)");
+   }
+
+   fwrite($fp, "DAC_REQUEST coa $addr t_c_clear");
+   fclose($fp);
+
+   $waiting = true;
+   $ack = false;
+   for ($i = 1; $i <= 10; $i++) {
+      $res = $db->prepare("SELECT waiting_coa_ack,coa_ack_received FROM current_sessions WHERE mac_addr=?");
+      $res->execute(array($addr));
+      $row = $res->fetch();
+      if (!$row) {
+         die("No current session for the specified MAC address");
+      }
+      $waiting = $row[0] == 1;
+      $ack = $row[1] == 1;
+      $res->closeCursor();
+      if (!$waiting)
+         break;
+      sleep(1);
+   }
+   if ($ack) {
+      echo "<P>Filtering disabled.</P>\n";
+   } else {
+      echo "<P>Failed to disable filtering.</P>\n";
+   }
 }
 
 ?>