40bdceac88
Some of the code paths could have ended up ignoring CA file name from command line due to overly complex way of setting ctx->ca_fname. Configure this more consistently in osu_client.c as soon as the CA file name has been determined. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
996 lines
26 KiB
C
996 lines
26 KiB
C
/*
|
|
* Hotspot 2.0 SPP client
|
|
* Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
|
|
*
|
|
* This software may be distributed under the terms of the BSD license.
|
|
* See README for more details.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
#include <sys/stat.h>
|
|
|
|
#include "common.h"
|
|
#include "browser.h"
|
|
#include "wpa_ctrl.h"
|
|
#include "wpa_helpers.h"
|
|
#include "xml-utils.h"
|
|
#include "http-utils.h"
|
|
#include "utils/base64.h"
|
|
#include "crypto/crypto.h"
|
|
#include "crypto/sha256.h"
|
|
#include "osu_client.h"
|
|
|
|
|
|
static int hs20_spp_update_response(struct hs20_osu_client *ctx,
|
|
const char *session_id,
|
|
const char *spp_status,
|
|
const char *error_code);
|
|
static void hs20_policy_update_complete(
|
|
struct hs20_osu_client *ctx, const char *pps_fname);
|
|
|
|
|
|
static char * get_spp_attr_value(struct xml_node_ctx *ctx, xml_node_t *node,
|
|
char *attr_name)
|
|
{
|
|
return xml_node_get_attr_value_ns(ctx, node, SPP_NS_URI, attr_name);
|
|
}
|
|
|
|
|
|
static int hs20_spp_validate(struct hs20_osu_client *ctx, xml_node_t *node,
|
|
const char *expected_name)
|
|
{
|
|
struct xml_node_ctx *xctx = ctx->xml;
|
|
const char *name;
|
|
char *err;
|
|
int ret;
|
|
|
|
if (!xml_node_is_element(xctx, node))
|
|
return -1;
|
|
|
|
name = xml_node_get_localname(xctx, node);
|
|
if (name == NULL)
|
|
return -1;
|
|
|
|
if (strcmp(expected_name, name) != 0) {
|
|
wpa_printf(MSG_INFO, "Unexpected SOAP method name '%s' (expected '%s')",
|
|
name, expected_name);
|
|
write_summary(ctx, "Unexpected SOAP method name '%s' (expected '%s')",
|
|
name, expected_name);
|
|
return -1;
|
|
}
|
|
|
|
ret = xml_validate(xctx, node, "spp.xsd", &err);
|
|
if (ret < 0) {
|
|
wpa_printf(MSG_INFO, "XML schema validation error(s)\n%s", err);
|
|
write_summary(ctx, "SPP XML schema validation failed");
|
|
os_free(err);
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
|
|
static void add_mo_container(struct xml_node_ctx *ctx, xml_namespace_t *ns,
|
|
xml_node_t *parent, const char *urn,
|
|
const char *fname)
|
|
{
|
|
xml_node_t *node;
|
|
xml_node_t *fnode, *tnds;
|
|
char *str;
|
|
|
|
fnode = node_from_file(ctx, fname);
|
|
if (!fnode)
|
|
return;
|
|
tnds = mo_to_tnds(ctx, fnode, 0, urn, "syncml:dmddf1.2");
|
|
xml_node_free(ctx, fnode);
|
|
if (!tnds)
|
|
return;
|
|
|
|
str = xml_node_to_str(ctx, tnds);
|
|
xml_node_free(ctx, tnds);
|
|
if (str == NULL)
|
|
return;
|
|
|
|
node = xml_node_create_text(ctx, parent, ns, "moContainer", str);
|
|
if (node)
|
|
xml_node_add_attr(ctx, node, ns, "moURN", urn);
|
|
os_free(str);
|
|
}
|
|
|
|
|
|
static xml_node_t * build_spp_post_dev_data(struct hs20_osu_client *ctx,
|
|
xml_namespace_t **ret_ns,
|
|
const char *session_id,
|
|
const char *reason)
|
|
{
|
|
xml_namespace_t *ns;
|
|
xml_node_t *spp_node;
|
|
|
|
write_summary(ctx, "Building sppPostDevData requestReason='%s'",
|
|
reason);
|
|
spp_node = xml_node_create_root(ctx->xml, SPP_NS_URI, "spp", &ns,
|
|
"sppPostDevData");
|
|
if (spp_node == NULL)
|
|
return NULL;
|
|
if (ret_ns)
|
|
*ret_ns = ns;
|
|
|
|
xml_node_add_attr(ctx->xml, spp_node, ns, "sppVersion", "1.0");
|
|
xml_node_add_attr(ctx->xml, spp_node, NULL, "requestReason", reason);
|
|
if (session_id)
|
|
xml_node_add_attr(ctx->xml, spp_node, ns, "sessionID",
|
|
session_id);
|
|
xml_node_add_attr(ctx->xml, spp_node, NULL, "redirectURI",
|
|
"http://localhost:12345/");
|
|
|
|
xml_node_create_text(ctx->xml, spp_node, ns, "supportedSPPVersions",
|
|
"1.0");
|
|
xml_node_create_text(ctx->xml, spp_node, ns, "supportedMOList",
|
|
URN_HS20_PPS " " URN_OMA_DM_DEVINFO " "
|
|
URN_OMA_DM_DEVDETAIL " " URN_HS20_DEVDETAIL_EXT);
|
|
|
|
add_mo_container(ctx->xml, ns, spp_node, URN_OMA_DM_DEVINFO,
|
|
"devinfo.xml");
|
|
add_mo_container(ctx->xml, ns, spp_node, URN_OMA_DM_DEVDETAIL,
|
|
"devdetail.xml");
|
|
|
|
return spp_node;
|
|
}
|
|
|
|
|
|
static int process_update_node(struct hs20_osu_client *ctx, xml_node_t *pps,
|
|
xml_node_t *update)
|
|
{
|
|
xml_node_t *node, *parent, *tnds, *unode;
|
|
char *str;
|
|
const char *name;
|
|
char *uri, *pos;
|
|
char *cdata, *cdata_end;
|
|
size_t fqdn_len;
|
|
|
|
wpa_printf(MSG_INFO, "Processing updateNode");
|
|
debug_dump_node(ctx, "updateNode", update);
|
|
|
|
uri = get_spp_attr_value(ctx->xml, update, "managementTreeURI");
|
|
if (uri == NULL) {
|
|
wpa_printf(MSG_INFO, "No managementTreeURI present");
|
|
return -1;
|
|
}
|
|
wpa_printf(MSG_INFO, "managementTreeUri: '%s'", uri);
|
|
|
|
name = os_strrchr(uri, '/');
|
|
if (name == NULL) {
|
|
wpa_printf(MSG_INFO, "Unexpected URI");
|
|
xml_node_get_attr_value_free(ctx->xml, uri);
|
|
return -1;
|
|
}
|
|
name++;
|
|
wpa_printf(MSG_INFO, "Update interior node: '%s'", name);
|
|
|
|
str = xml_node_get_text(ctx->xml, update);
|
|
if (str == NULL) {
|
|
wpa_printf(MSG_INFO, "Could not extract MO text");
|
|
xml_node_get_attr_value_free(ctx->xml, uri);
|
|
return -1;
|
|
}
|
|
wpa_printf(MSG_DEBUG, "[hs20] nodeContainer text: '%s'", str);
|
|
cdata = strstr(str, "<![CDATA[");
|
|
cdata_end = strstr(str, "]]>");
|
|
if (cdata && cdata_end && cdata_end > cdata &&
|
|
cdata < strstr(str, "MgmtTree") &&
|
|
cdata_end > strstr(str, "/MgmtTree")) {
|
|
char *tmp;
|
|
wpa_printf(MSG_DEBUG, "[hs20] Removing extra CDATA container");
|
|
tmp = strdup(cdata + 9);
|
|
if (tmp) {
|
|
cdata_end = strstr(tmp, "]]>");
|
|
if (cdata_end)
|
|
*cdata_end = '\0';
|
|
wpa_printf(MSG_DEBUG, "[hs20] nodeContainer text with CDATA container removed: '%s'",
|
|
tmp);
|
|
tnds = xml_node_from_buf(ctx->xml, tmp);
|
|
free(tmp);
|
|
} else
|
|
tnds = NULL;
|
|
} else
|
|
tnds = xml_node_from_buf(ctx->xml, str);
|
|
xml_node_get_text_free(ctx->xml, str);
|
|
if (tnds == NULL) {
|
|
wpa_printf(MSG_INFO, "[hs20] Could not parse nodeContainer text");
|
|
xml_node_get_attr_value_free(ctx->xml, uri);
|
|
return -1;
|
|
}
|
|
|
|
unode = tnds_to_mo(ctx->xml, tnds);
|
|
xml_node_free(ctx->xml, tnds);
|
|
if (unode == NULL) {
|
|
wpa_printf(MSG_INFO, "[hs20] Could not parse nodeContainer TNDS text");
|
|
xml_node_get_attr_value_free(ctx->xml, uri);
|
|
return -1;
|
|
}
|
|
|
|
debug_dump_node(ctx, "Parsed TNDS", unode);
|
|
|
|
if (get_node_uri(ctx->xml, unode, name) == NULL) {
|
|
wpa_printf(MSG_INFO, "[hs20] %s node not found", name);
|
|
xml_node_free(ctx->xml, unode);
|
|
xml_node_get_attr_value_free(ctx->xml, uri);
|
|
return -1;
|
|
}
|
|
|
|
if (os_strncasecmp(uri, "./Wi-Fi/", 8) != 0) {
|
|
wpa_printf(MSG_INFO, "Do not allow update outside ./Wi-Fi");
|
|
xml_node_free(ctx->xml, unode);
|
|
xml_node_get_attr_value_free(ctx->xml, uri);
|
|
return -1;
|
|
}
|
|
pos = uri + 8;
|
|
|
|
if (ctx->fqdn == NULL) {
|
|
wpa_printf(MSG_INFO, "FQDN not known");
|
|
xml_node_free(ctx->xml, unode);
|
|
xml_node_get_attr_value_free(ctx->xml, uri);
|
|
return -1;
|
|
}
|
|
fqdn_len = os_strlen(ctx->fqdn);
|
|
if (os_strncasecmp(pos, ctx->fqdn, fqdn_len) != 0 ||
|
|
pos[fqdn_len] != '/') {
|
|
wpa_printf(MSG_INFO, "Do not allow update outside ./Wi-Fi/%s",
|
|
ctx->fqdn);
|
|
xml_node_free(ctx->xml, unode);
|
|
xml_node_get_attr_value_free(ctx->xml, uri);
|
|
return -1;
|
|
}
|
|
pos += fqdn_len + 1;
|
|
|
|
if (os_strncasecmp(pos, "PerProviderSubscription/", 24) != 0) {
|
|
wpa_printf(MSG_INFO, "Do not allow update outside ./Wi-Fi/%s/PerProviderSubscription",
|
|
ctx->fqdn);
|
|
xml_node_free(ctx->xml, unode);
|
|
xml_node_get_attr_value_free(ctx->xml, uri);
|
|
return -1;
|
|
}
|
|
pos += 24;
|
|
|
|
wpa_printf(MSG_INFO, "Update command for PPS node %s", pos);
|
|
|
|
node = get_node(ctx->xml, pps, pos);
|
|
if (node) {
|
|
parent = xml_node_get_parent(ctx->xml, node);
|
|
xml_node_detach(ctx->xml, node);
|
|
wpa_printf(MSG_INFO, "Replace '%s' node", name);
|
|
} else {
|
|
char *pos2;
|
|
pos2 = os_strrchr(pos, '/');
|
|
if (pos2 == NULL) {
|
|
parent = pps;
|
|
} else {
|
|
*pos2 = '\0';
|
|
parent = get_node(ctx->xml, pps, pos);
|
|
}
|
|
if (parent == NULL) {
|
|
wpa_printf(MSG_INFO, "Could not find parent %s", pos);
|
|
xml_node_free(ctx->xml, unode);
|
|
xml_node_get_attr_value_free(ctx->xml, uri);
|
|
return -1;
|
|
}
|
|
wpa_printf(MSG_INFO, "Add '%s' node", name);
|
|
}
|
|
xml_node_add_child(ctx->xml, parent, unode);
|
|
|
|
xml_node_get_attr_value_free(ctx->xml, uri);
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
static int update_pps(struct hs20_osu_client *ctx, xml_node_t *update,
|
|
const char *pps_fname, xml_node_t *pps)
|
|
{
|
|
wpa_printf(MSG_INFO, "Updating PPS based on updateNode element(s)");
|
|
xml_node_for_each_sibling(ctx->xml, update) {
|
|
xml_node_for_each_check(ctx->xml, update);
|
|
if (process_update_node(ctx, pps, update) < 0)
|
|
return -1;
|
|
}
|
|
|
|
return update_pps_file(ctx, pps_fname, pps);
|
|
}
|
|
|
|
|
|
static void hs20_sub_rem_complete(struct hs20_osu_client *ctx,
|
|
const char *pps_fname)
|
|
{
|
|
/*
|
|
* Update wpa_supplicant credentials and reconnect using updated
|
|
* information.
|
|
*/
|
|
wpa_printf(MSG_INFO, "Updating wpa_supplicant credentials");
|
|
cmd_set_pps(ctx, pps_fname);
|
|
|
|
if (ctx->no_reconnect)
|
|
return;
|
|
|
|
wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
|
|
if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0)
|
|
wpa_printf(MSG_ERROR, "Failed to request wpa_supplicant to reconnect");
|
|
}
|
|
|
|
|
|
static xml_node_t * hs20_spp_upload_mo(struct hs20_osu_client *ctx,
|
|
xml_node_t *cmd,
|
|
const char *session_id,
|
|
const char *pps_fname)
|
|
{
|
|
xml_namespace_t *ns;
|
|
xml_node_t *node, *ret_node;
|
|
char *urn;
|
|
|
|
urn = get_spp_attr_value(ctx->xml, cmd, "moURN");
|
|
if (!urn) {
|
|
wpa_printf(MSG_INFO, "No URN included");
|
|
return NULL;
|
|
}
|
|
wpa_printf(MSG_INFO, "Upload MO request - URN=%s", urn);
|
|
if (strcasecmp(urn, URN_HS20_PPS) != 0) {
|
|
wpa_printf(MSG_INFO, "Unsupported moURN");
|
|
xml_node_get_attr_value_free(ctx->xml, urn);
|
|
return NULL;
|
|
}
|
|
xml_node_get_attr_value_free(ctx->xml, urn);
|
|
|
|
if (!pps_fname) {
|
|
wpa_printf(MSG_INFO, "PPS file name no known");
|
|
return NULL;
|
|
}
|
|
|
|
node = build_spp_post_dev_data(ctx, &ns, session_id,
|
|
"MO upload");
|
|
if (node == NULL)
|
|
return NULL;
|
|
add_mo_container(ctx->xml, ns, node, URN_HS20_PPS, pps_fname);
|
|
|
|
ret_node = soap_send_receive(ctx->http, node);
|
|
if (ret_node == NULL)
|
|
return NULL;
|
|
|
|
debug_dump_node(ctx, "Received response to MO upload", ret_node);
|
|
|
|
if (hs20_spp_validate(ctx, ret_node, "sppPostDevDataResponse") < 0) {
|
|
wpa_printf(MSG_INFO, "SPP validation failed");
|
|
xml_node_free(ctx->xml, ret_node);
|
|
return NULL;
|
|
}
|
|
|
|
return ret_node;
|
|
}
|
|
|
|
|
|
static int hs20_add_mo(struct hs20_osu_client *ctx, xml_node_t *add_mo,
|
|
char *fname, size_t fname_len)
|
|
{
|
|
char *uri, *urn;
|
|
int ret;
|
|
|
|
debug_dump_node(ctx, "Received addMO", add_mo);
|
|
|
|
urn = get_spp_attr_value(ctx->xml, add_mo, "moURN");
|
|
if (urn == NULL) {
|
|
wpa_printf(MSG_INFO, "[hs20] No moURN in addMO");
|
|
return -1;
|
|
}
|
|
wpa_printf(MSG_INFO, "addMO - moURN: '%s'", urn);
|
|
if (strcasecmp(urn, URN_HS20_PPS) != 0) {
|
|
wpa_printf(MSG_INFO, "[hs20] Unsupported MO in addMO");
|
|
xml_node_get_attr_value_free(ctx->xml, urn);
|
|
return -1;
|
|
}
|
|
xml_node_get_attr_value_free(ctx->xml, urn);
|
|
|
|
uri = get_spp_attr_value(ctx->xml, add_mo, "managementTreeURI");
|
|
if (uri == NULL) {
|
|
wpa_printf(MSG_INFO, "[hs20] No managementTreeURI in addMO");
|
|
return -1;
|
|
}
|
|
wpa_printf(MSG_INFO, "addMO - managementTreeURI: '%s'", uri);
|
|
|
|
ret = hs20_add_pps_mo(ctx, uri, add_mo, fname, fname_len);
|
|
xml_node_get_attr_value_free(ctx->xml, uri);
|
|
return ret;
|
|
}
|
|
|
|
|
|
static int process_spp_user_input_response(struct hs20_osu_client *ctx,
|
|
const char *session_id,
|
|
xml_node_t *add_mo)
|
|
{
|
|
int ret;
|
|
char fname[300];
|
|
|
|
debug_dump_node(ctx, "addMO", add_mo);
|
|
|
|
wpa_printf(MSG_INFO, "Subscription registration completed");
|
|
|
|
if (hs20_add_mo(ctx, add_mo, fname, sizeof(fname)) < 0) {
|
|
wpa_printf(MSG_INFO, "Could not add MO");
|
|
ret = hs20_spp_update_response(
|
|
ctx, session_id,
|
|
"Error occurred",
|
|
"MO addition or update failed");
|
|
return 0;
|
|
}
|
|
|
|
ret = hs20_spp_update_response(ctx, session_id, "OK", NULL);
|
|
if (ret == 0)
|
|
hs20_sub_rem_complete(ctx, fname);
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
static xml_node_t * hs20_spp_user_input_completed(struct hs20_osu_client *ctx,
|
|
const char *session_id)
|
|
{
|
|
xml_node_t *node, *ret_node;
|
|
|
|
node = build_spp_post_dev_data(ctx, NULL, session_id,
|
|
"User input completed");
|
|
if (node == NULL)
|
|
return NULL;
|
|
|
|
ret_node = soap_send_receive(ctx->http, node);
|
|
if (!ret_node) {
|
|
if (soap_reinit_client(ctx->http) < 0)
|
|
return NULL;
|
|
wpa_printf(MSG_INFO, "Try to finish with re-opened connection");
|
|
node = build_spp_post_dev_data(ctx, NULL, session_id,
|
|
"User input completed");
|
|
if (node == NULL)
|
|
return NULL;
|
|
ret_node = soap_send_receive(ctx->http, node);
|
|
if (ret_node == NULL)
|
|
return NULL;
|
|
wpa_printf(MSG_INFO, "Continue with new connection");
|
|
}
|
|
|
|
if (hs20_spp_validate(ctx, ret_node, "sppPostDevDataResponse") < 0) {
|
|
wpa_printf(MSG_INFO, "SPP validation failed");
|
|
xml_node_free(ctx->xml, ret_node);
|
|
return NULL;
|
|
}
|
|
|
|
return ret_node;
|
|
}
|
|
|
|
|
|
static xml_node_t * hs20_spp_get_certificate(struct hs20_osu_client *ctx,
|
|
xml_node_t *cmd,
|
|
const char *session_id,
|
|
const char *pps_fname)
|
|
{
|
|
xml_namespace_t *ns;
|
|
xml_node_t *node, *ret_node;
|
|
int res;
|
|
|
|
wpa_printf(MSG_INFO, "Client certificate enrollment");
|
|
|
|
res = osu_get_certificate(ctx, cmd);
|
|
if (res < 0)
|
|
wpa_printf(MSG_INFO, "EST simpleEnroll failed");
|
|
|
|
node = build_spp_post_dev_data(ctx, &ns, session_id,
|
|
res == 0 ?
|
|
"Certificate enrollment completed" :
|
|
"Certificate enrollment failed");
|
|
if (node == NULL)
|
|
return NULL;
|
|
|
|
ret_node = soap_send_receive(ctx->http, node);
|
|
if (ret_node == NULL)
|
|
return NULL;
|
|
|
|
debug_dump_node(ctx, "Received response to certificate enrollment "
|
|
"completed", ret_node);
|
|
|
|
if (hs20_spp_validate(ctx, ret_node, "sppPostDevDataResponse") < 0) {
|
|
wpa_printf(MSG_INFO, "SPP validation failed");
|
|
xml_node_free(ctx->xml, ret_node);
|
|
return NULL;
|
|
}
|
|
|
|
return ret_node;
|
|
}
|
|
|
|
|
|
static int hs20_spp_exec(struct hs20_osu_client *ctx, xml_node_t *exec,
|
|
const char *session_id, const char *pps_fname,
|
|
xml_node_t *pps, xml_node_t **ret_node)
|
|
{
|
|
xml_node_t *cmd;
|
|
const char *name;
|
|
char *uri;
|
|
char *id = strdup(session_id);
|
|
|
|
if (id == NULL)
|
|
return -1;
|
|
|
|
*ret_node = NULL;
|
|
|
|
debug_dump_node(ctx, "exec", exec);
|
|
|
|
xml_node_for_each_child(ctx->xml, cmd, exec) {
|
|
xml_node_for_each_check(ctx->xml, cmd);
|
|
break;
|
|
}
|
|
if (!cmd) {
|
|
wpa_printf(MSG_INFO, "exec command element not found (cmd=%p)",
|
|
cmd);
|
|
free(id);
|
|
return -1;
|
|
}
|
|
|
|
name = xml_node_get_localname(ctx->xml, cmd);
|
|
|
|
if (strcasecmp(name, "launchBrowserToURI") == 0) {
|
|
int res;
|
|
uri = xml_node_get_text(ctx->xml, cmd);
|
|
if (!uri) {
|
|
wpa_printf(MSG_INFO, "No URI found");
|
|
free(id);
|
|
return -1;
|
|
}
|
|
wpa_printf(MSG_INFO, "Launch browser to URI '%s'", uri);
|
|
write_summary(ctx, "Launch browser to URI '%s'", uri);
|
|
res = hs20_web_browser(uri);
|
|
xml_node_get_text_free(ctx->xml, uri);
|
|
if (res > 0) {
|
|
wpa_printf(MSG_INFO, "User response in browser completed successfully - sessionid='%s'",
|
|
id);
|
|
write_summary(ctx, "User response in browser completed successfully");
|
|
*ret_node = hs20_spp_user_input_completed(ctx, id);
|
|
free(id);
|
|
return *ret_node ? 0 : -1;
|
|
} else {
|
|
wpa_printf(MSG_INFO, "Failed to receive user response");
|
|
write_summary(ctx, "Failed to receive user response");
|
|
hs20_spp_update_response(
|
|
ctx, id, "Error occurred", "Other");
|
|
free(id);
|
|
return -1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
if (strcasecmp(name, "uploadMO") == 0) {
|
|
if (pps_fname == NULL)
|
|
return -1;
|
|
*ret_node = hs20_spp_upload_mo(ctx, cmd, id,
|
|
pps_fname);
|
|
free(id);
|
|
return *ret_node ? 0 : -1;
|
|
}
|
|
|
|
if (strcasecmp(name, "getCertificate") == 0) {
|
|
*ret_node = hs20_spp_get_certificate(ctx, cmd, id,
|
|
pps_fname);
|
|
free(id);
|
|
return *ret_node ? 0 : -1;
|
|
}
|
|
|
|
wpa_printf(MSG_INFO, "Unsupported exec command: '%s'", name);
|
|
free(id);
|
|
return -1;
|
|
}
|
|
|
|
|
|
enum spp_post_dev_data_use {
|
|
SPP_SUBSCRIPTION_REMEDIATION,
|
|
SPP_POLICY_UPDATE,
|
|
SPP_SUBSCRIPTION_REGISTRATION,
|
|
};
|
|
|
|
static void process_spp_post_dev_data_response(
|
|
struct hs20_osu_client *ctx,
|
|
enum spp_post_dev_data_use use, xml_node_t *node,
|
|
const char *pps_fname, xml_node_t *pps)
|
|
{
|
|
xml_node_t *child;
|
|
char *status = NULL;
|
|
xml_node_t *update = NULL, *exec = NULL, *add_mo = NULL, *no_mo = NULL;
|
|
char *session_id = NULL;
|
|
|
|
debug_dump_node(ctx, "sppPostDevDataResponse node", node);
|
|
|
|
status = get_spp_attr_value(ctx->xml, node, "sppStatus");
|
|
if (status == NULL) {
|
|
wpa_printf(MSG_INFO, "No sppStatus attribute");
|
|
goto out;
|
|
}
|
|
write_summary(ctx, "Received sppPostDevDataResponse sppStatus='%s'",
|
|
status);
|
|
|
|
session_id = get_spp_attr_value(ctx->xml, node, "sessionID");
|
|
if (session_id == NULL) {
|
|
wpa_printf(MSG_INFO, "No sessionID attribute");
|
|
goto out;
|
|
}
|
|
|
|
wpa_printf(MSG_INFO, "[hs20] sppPostDevDataResponse - sppStatus: '%s' sessionID: '%s'",
|
|
status, session_id);
|
|
|
|
xml_node_for_each_child(ctx->xml, child, node) {
|
|
const char *name;
|
|
xml_node_for_each_check(ctx->xml, child);
|
|
debug_dump_node(ctx, "child", child);
|
|
name = xml_node_get_localname(ctx->xml, child);
|
|
wpa_printf(MSG_INFO, "localname: '%s'", name);
|
|
if (!update && strcasecmp(name, "updateNode") == 0)
|
|
update = child;
|
|
if (!exec && strcasecmp(name, "exec") == 0)
|
|
exec = child;
|
|
if (!add_mo && strcasecmp(name, "addMO") == 0)
|
|
add_mo = child;
|
|
if (!no_mo && strcasecmp(name, "noMOUpdate") == 0)
|
|
no_mo = child;
|
|
}
|
|
|
|
if (use == SPP_SUBSCRIPTION_REMEDIATION &&
|
|
strcasecmp(status,
|
|
"Remediation complete, request sppUpdateResponse") == 0)
|
|
{
|
|
int res, ret;
|
|
if (!update && !no_mo) {
|
|
wpa_printf(MSG_INFO, "No updateNode or noMOUpdate element");
|
|
goto out;
|
|
}
|
|
wpa_printf(MSG_INFO, "Subscription remediation completed");
|
|
res = update_pps(ctx, update, pps_fname, pps);
|
|
if (res < 0)
|
|
wpa_printf(MSG_INFO, "Failed to update PPS MO");
|
|
ret = hs20_spp_update_response(
|
|
ctx, session_id,
|
|
res < 0 ? "Error occurred" : "OK",
|
|
res < 0 ? "MO addition or update failed" : NULL);
|
|
if (res == 0 && ret == 0)
|
|
hs20_sub_rem_complete(ctx, pps_fname);
|
|
goto out;
|
|
}
|
|
|
|
if (use == SPP_SUBSCRIPTION_REMEDIATION &&
|
|
strcasecmp(status, "Exchange complete, release TLS connection") ==
|
|
0) {
|
|
if (!no_mo) {
|
|
wpa_printf(MSG_INFO, "No noMOUpdate element");
|
|
goto out;
|
|
}
|
|
wpa_printf(MSG_INFO, "Subscription remediation completed (no MO update)");
|
|
goto out;
|
|
}
|
|
|
|
if (use == SPP_POLICY_UPDATE &&
|
|
strcasecmp(status, "Update complete, request sppUpdateResponse") ==
|
|
0) {
|
|
int res, ret;
|
|
wpa_printf(MSG_INFO, "Policy update received - update PPS");
|
|
res = update_pps(ctx, update, pps_fname, pps);
|
|
ret = hs20_spp_update_response(
|
|
ctx, session_id,
|
|
res < 0 ? "Error occurred" : "OK",
|
|
res < 0 ? "MO addition or update failed" : NULL);
|
|
if (res == 0 && ret == 0)
|
|
hs20_policy_update_complete(ctx, pps_fname);
|
|
goto out;
|
|
}
|
|
|
|
if (use == SPP_SUBSCRIPTION_REGISTRATION &&
|
|
strcasecmp(status, "Provisioning complete, request "
|
|
"sppUpdateResponse") == 0) {
|
|
if (!add_mo) {
|
|
wpa_printf(MSG_INFO, "No addMO element - not sure what to do next");
|
|
goto out;
|
|
}
|
|
process_spp_user_input_response(ctx, session_id, add_mo);
|
|
node = NULL;
|
|
goto out;
|
|
}
|
|
|
|
if (strcasecmp(status, "No update available at this time") == 0) {
|
|
wpa_printf(MSG_INFO, "No update available at this time");
|
|
goto out;
|
|
}
|
|
|
|
if (strcasecmp(status, "OK") == 0) {
|
|
int res;
|
|
xml_node_t *ret;
|
|
|
|
if (!exec) {
|
|
wpa_printf(MSG_INFO, "No exec element - not sure what to do next");
|
|
goto out;
|
|
}
|
|
res = hs20_spp_exec(ctx, exec, session_id,
|
|
pps_fname, pps, &ret);
|
|
/* xml_node_free(ctx->xml, node); */
|
|
node = NULL;
|
|
if (res == 0 && ret)
|
|
process_spp_post_dev_data_response(ctx, use,
|
|
ret, pps_fname, pps);
|
|
goto out;
|
|
}
|
|
|
|
if (strcasecmp(status, "Error occurred") == 0) {
|
|
xml_node_t *err;
|
|
char *code = NULL;
|
|
err = get_node(ctx->xml, node, "sppError");
|
|
if (err)
|
|
code = xml_node_get_attr_value(ctx->xml, err,
|
|
"errorCode");
|
|
wpa_printf(MSG_INFO, "Error occurred - errorCode=%s",
|
|
code ? code : "N/A");
|
|
xml_node_get_attr_value_free(ctx->xml, code);
|
|
goto out;
|
|
}
|
|
|
|
wpa_printf(MSG_INFO,
|
|
"[hs20] Unsupported sppPostDevDataResponse sppStatus '%s'",
|
|
status);
|
|
out:
|
|
xml_node_get_attr_value_free(ctx->xml, status);
|
|
xml_node_get_attr_value_free(ctx->xml, session_id);
|
|
xml_node_free(ctx->xml, node);
|
|
}
|
|
|
|
|
|
static int spp_post_dev_data(struct hs20_osu_client *ctx,
|
|
enum spp_post_dev_data_use use,
|
|
const char *reason,
|
|
const char *pps_fname, xml_node_t *pps)
|
|
{
|
|
xml_node_t *payload;
|
|
xml_node_t *ret_node;
|
|
|
|
payload = build_spp_post_dev_data(ctx, NULL, NULL, reason);
|
|
if (payload == NULL)
|
|
return -1;
|
|
|
|
ret_node = soap_send_receive(ctx->http, payload);
|
|
if (!ret_node) {
|
|
const char *err = http_get_err(ctx->http);
|
|
if (err) {
|
|
wpa_printf(MSG_INFO, "HTTP error: %s", err);
|
|
write_result(ctx, "HTTP error: %s", err);
|
|
} else {
|
|
write_summary(ctx, "Failed to send SOAP message");
|
|
}
|
|
return -1;
|
|
}
|
|
|
|
if (hs20_spp_validate(ctx, ret_node, "sppPostDevDataResponse") < 0) {
|
|
wpa_printf(MSG_INFO, "SPP validation failed");
|
|
xml_node_free(ctx->xml, ret_node);
|
|
return -1;
|
|
}
|
|
|
|
process_spp_post_dev_data_response(ctx, use, ret_node,
|
|
pps_fname, pps);
|
|
return 0;
|
|
}
|
|
|
|
|
|
void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
|
|
const char *pps_fname,
|
|
const char *client_cert, const char *client_key,
|
|
const char *cred_username, const char *cred_password,
|
|
xml_node_t *pps)
|
|
{
|
|
wpa_printf(MSG_INFO, "SPP subscription remediation");
|
|
write_summary(ctx, "SPP subscription remediation");
|
|
|
|
os_free(ctx->server_url);
|
|
ctx->server_url = os_strdup(address);
|
|
|
|
if (soap_init_client(ctx->http, address, ctx->ca_fname,
|
|
cred_username, cred_password, client_cert,
|
|
client_key) == 0) {
|
|
spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REMEDIATION,
|
|
"Subscription remediation", pps_fname, pps);
|
|
}
|
|
}
|
|
|
|
|
|
static void hs20_policy_update_complete(struct hs20_osu_client *ctx,
|
|
const char *pps_fname)
|
|
{
|
|
wpa_printf(MSG_INFO, "Policy update completed");
|
|
|
|
/*
|
|
* Update wpa_supplicant credentials and reconnect using updated
|
|
* information.
|
|
*/
|
|
wpa_printf(MSG_INFO, "Updating wpa_supplicant credentials");
|
|
cmd_set_pps(ctx, pps_fname);
|
|
|
|
wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
|
|
if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0)
|
|
wpa_printf(MSG_ERROR, "Failed to request wpa_supplicant to reconnect");
|
|
}
|
|
|
|
|
|
static int process_spp_exchange_complete(struct hs20_osu_client *ctx,
|
|
xml_node_t *node)
|
|
{
|
|
char *status, *session_id;
|
|
|
|
debug_dump_node(ctx, "sppExchangeComplete", node);
|
|
|
|
status = get_spp_attr_value(ctx->xml, node, "sppStatus");
|
|
if (status == NULL) {
|
|
wpa_printf(MSG_INFO, "No sppStatus attribute");
|
|
return -1;
|
|
}
|
|
write_summary(ctx, "Received sppExchangeComplete sppStatus='%s'",
|
|
status);
|
|
|
|
session_id = get_spp_attr_value(ctx->xml, node, "sessionID");
|
|
if (session_id == NULL) {
|
|
wpa_printf(MSG_INFO, "No sessionID attribute");
|
|
xml_node_get_attr_value_free(ctx->xml, status);
|
|
return -1;
|
|
}
|
|
|
|
wpa_printf(MSG_INFO, "[hs20] sppStatus: '%s' sessionID: '%s'",
|
|
status, session_id);
|
|
xml_node_get_attr_value_free(ctx->xml, session_id);
|
|
|
|
if (strcasecmp(status, "Exchange complete, release TLS connection") ==
|
|
0) {
|
|
xml_node_get_attr_value_free(ctx->xml, status);
|
|
return 0;
|
|
}
|
|
|
|
wpa_printf(MSG_INFO, "Unexpected sppStatus '%s'", status);
|
|
write_summary(ctx, "Unexpected sppStatus '%s'", status);
|
|
xml_node_get_attr_value_free(ctx->xml, status);
|
|
return -1;
|
|
}
|
|
|
|
|
|
static xml_node_t * build_spp_update_response(struct hs20_osu_client *ctx,
|
|
const char *session_id,
|
|
const char *spp_status,
|
|
const char *error_code)
|
|
{
|
|
xml_namespace_t *ns;
|
|
xml_node_t *spp_node, *node;
|
|
|
|
spp_node = xml_node_create_root(ctx->xml, SPP_NS_URI, "spp", &ns,
|
|
"sppUpdateResponse");
|
|
if (spp_node == NULL)
|
|
return NULL;
|
|
|
|
xml_node_add_attr(ctx->xml, spp_node, ns, "sppVersion", "1.0");
|
|
xml_node_add_attr(ctx->xml, spp_node, ns, "sessionID", session_id);
|
|
xml_node_add_attr(ctx->xml, spp_node, ns, "sppStatus", spp_status);
|
|
|
|
if (error_code) {
|
|
node = xml_node_create(ctx->xml, spp_node, ns, "sppError");
|
|
if (node)
|
|
xml_node_add_attr(ctx->xml, node, NULL, "errorCode",
|
|
error_code);
|
|
}
|
|
|
|
return spp_node;
|
|
}
|
|
|
|
|
|
static int hs20_spp_update_response(struct hs20_osu_client *ctx,
|
|
const char *session_id,
|
|
const char *spp_status,
|
|
const char *error_code)
|
|
{
|
|
xml_node_t *node, *ret_node;
|
|
int ret;
|
|
|
|
write_summary(ctx, "Building sppUpdateResponse sppStatus='%s' error_code='%s'",
|
|
spp_status, error_code);
|
|
node = build_spp_update_response(ctx, session_id, spp_status,
|
|
error_code);
|
|
if (node == NULL)
|
|
return -1;
|
|
ret_node = soap_send_receive(ctx->http, node);
|
|
if (!ret_node) {
|
|
if (soap_reinit_client(ctx->http) < 0)
|
|
return -1;
|
|
wpa_printf(MSG_INFO, "Try to finish with re-opened connection");
|
|
node = build_spp_update_response(ctx, session_id, spp_status,
|
|
error_code);
|
|
if (node == NULL)
|
|
return -1;
|
|
ret_node = soap_send_receive(ctx->http, node);
|
|
if (ret_node == NULL)
|
|
return -1;
|
|
wpa_printf(MSG_INFO, "Continue with new connection");
|
|
}
|
|
|
|
if (hs20_spp_validate(ctx, ret_node, "sppExchangeComplete") < 0) {
|
|
wpa_printf(MSG_INFO, "SPP validation failed");
|
|
xml_node_free(ctx->xml, ret_node);
|
|
return -1;
|
|
}
|
|
|
|
ret = process_spp_exchange_complete(ctx, ret_node);
|
|
xml_node_free(ctx->xml, ret_node);
|
|
return ret;
|
|
}
|
|
|
|
|
|
void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
|
|
const char *pps_fname,
|
|
const char *client_cert, const char *client_key,
|
|
const char *cred_username, const char *cred_password,
|
|
xml_node_t *pps)
|
|
{
|
|
wpa_printf(MSG_INFO, "SPP policy update");
|
|
write_summary(ctx, "SPP policy update");
|
|
|
|
os_free(ctx->server_url);
|
|
ctx->server_url = os_strdup(address);
|
|
|
|
if (soap_init_client(ctx->http, address, ctx->ca_fname, cred_username,
|
|
cred_password, client_cert, client_key) == 0) {
|
|
spp_post_dev_data(ctx, SPP_POLICY_UPDATE, "Policy update",
|
|
pps_fname, pps);
|
|
}
|
|
}
|
|
|
|
|
|
int cmd_prov(struct hs20_osu_client *ctx, const char *url)
|
|
{
|
|
unlink("Cert/est_cert.der");
|
|
unlink("Cert/est_cert.pem");
|
|
|
|
if (url == NULL) {
|
|
wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
|
|
return -1;
|
|
}
|
|
|
|
wpa_printf(MSG_INFO, "Credential provisioning requested");
|
|
|
|
os_free(ctx->server_url);
|
|
ctx->server_url = os_strdup(url);
|
|
|
|
if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL,
|
|
NULL) < 0)
|
|
return -1;
|
|
spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REGISTRATION,
|
|
"Subscription registration", NULL, NULL);
|
|
|
|
return ctx->pps_cred_set ? 0 : -1;
|
|
}
|
|
|
|
|
|
int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url)
|
|
{
|
|
if (url == NULL) {
|
|
wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
|
|
return -1;
|
|
}
|
|
|
|
wpa_printf(MSG_INFO, "SIM provisioning requested");
|
|
|
|
os_free(ctx->server_url);
|
|
ctx->server_url = os_strdup(url);
|
|
|
|
wpa_printf(MSG_INFO, "Wait for IP address before starting SIM provisioning");
|
|
|
|
if (wait_ip_addr(ctx->ifname, 15) < 0) {
|
|
wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
|
|
}
|
|
|
|
if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL,
|
|
NULL) < 0)
|
|
return -1;
|
|
spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REGISTRATION,
|
|
"Subscription provisioning", NULL, NULL);
|
|
|
|
return ctx->pps_cred_set ? 0 : -1;
|
|
}
|