diff options
author | Dmitry Shmidt <dimitrysh@google.com> | 2011-05-09 14:06:53 -0700 |
---|---|---|
committer | Dmitry Shmidt <dimitrysh@google.com> | 2011-05-09 14:24:08 -0700 |
commit | 8d520ff1dc2da35cdca849e982051b86468016d8 (patch) | |
tree | 3e33700a20ffe9064c3de3e9efa3a9dfcebb7b03 /src/wps/wps_er.c | |
parent | 7acd11a82b3521a1ec0ef3976af4786b02642e7e (diff) | |
download | external_wpa_supplicant_8-8d520ff1dc2da35cdca849e982051b86468016d8.zip external_wpa_supplicant_8-8d520ff1dc2da35cdca849e982051b86468016d8.tar.gz external_wpa_supplicant_8-8d520ff1dc2da35cdca849e982051b86468016d8.tar.bz2 |
wpa_supplicant: Initial Revision 0.8.X
Based on:
commit 0725cc7b7efc434910e89865c42eda7ce61bbf08
Author: Jouni Malinen <j@w1.fi>
Date: Thu Apr 21 20:41:01 2011 +0300
Enable CONFIG_DRIVER_NL80211=y in the default configuration
nl80211 should be preferred over WEXT with any recent Linux
kernel version.
Change-Id: I26aec5afbbd4f4a1f5fd900912545b6f5050de64
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Diffstat (limited to 'src/wps/wps_er.c')
-rw-r--r-- | src/wps/wps_er.c | 1959 |
1 files changed, 1959 insertions, 0 deletions
diff --git a/src/wps/wps_er.c b/src/wps/wps_er.c new file mode 100644 index 0000000..a461836 --- /dev/null +++ b/src/wps/wps_er.c @@ -0,0 +1,1959 @@ +/* + * Wi-Fi Protected Setup - External Registrar + * Copyright (c) 2009, Jouni Malinen <j@w1.fi> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "base64.h" +#include "uuid.h" +#include "eloop.h" +#include "httpread.h" +#include "http_client.h" +#include "http_server.h" +#include "upnp_xml.h" +#include "wps_i.h" +#include "wps_upnp.h" +#include "wps_upnp_i.h" +#include "wps_er.h" + + +static void wps_er_deinit_finish(void *eloop_data, void *user_ctx); +static void wps_er_ap_timeout(void *eloop_data, void *user_ctx); +static void wps_er_sta_timeout(void *eloop_data, void *user_ctx); +static void wps_er_ap_process(struct wps_er_ap *ap, struct wpabuf *msg); +static int wps_er_send_get_device_info(struct wps_er_ap *ap, + void (*m1_handler)(struct wps_er_ap *ap, + struct wpabuf *m1)); + + +static void wps_er_sta_event(struct wps_context *wps, struct wps_er_sta *sta, + enum wps_event event) +{ + union wps_event_data data; + struct wps_event_er_enrollee *ev = &data.enrollee; + + if (wps->event_cb == NULL) + return; + + os_memset(&data, 0, sizeof(data)); + ev->uuid = sta->uuid; + ev->mac_addr = sta->addr; + ev->m1_received = sta->m1_received; + ev->config_methods = sta->config_methods; + ev->dev_passwd_id = sta->dev_passwd_id; + ev->pri_dev_type = sta->pri_dev_type; + ev->dev_name = sta->dev_name; + ev->manufacturer = sta->manufacturer; + ev->model_name = sta->model_name; + ev->model_number = sta->model_number; + ev->serial_number = sta->serial_number; + wps->event_cb(wps->cb_ctx, event, &data); +} + + +static struct wps_er_sta * wps_er_sta_get(struct wps_er_ap *ap, const u8 *addr, + const u8 *uuid) +{ + struct wps_er_sta *sta; + dl_list_for_each(sta, &ap->sta, struct wps_er_sta, list) { + if ((addr == NULL || + os_memcmp(sta->addr, addr, ETH_ALEN) == 0) && + (uuid == NULL || + os_memcmp(uuid, sta->uuid, WPS_UUID_LEN) == 0)) + return sta; + } + return NULL; +} + + +static void wps_er_sta_free(struct wps_er_sta *sta) +{ + wps_er_sta_event(sta->ap->er->wps, sta, WPS_EV_ER_ENROLLEE_REMOVE); + if (sta->wps) + wps_deinit(sta->wps); + os_free(sta->manufacturer); + os_free(sta->model_name); + os_free(sta->model_number); + os_free(sta->serial_number); + os_free(sta->dev_name); + http_client_free(sta->http); + eloop_cancel_timeout(wps_er_sta_timeout, sta, NULL); + os_free(sta->cred); + os_free(sta); +} + + +static void wps_er_sta_remove_all(struct wps_er_ap *ap) +{ + struct wps_er_sta *prev, *sta; + dl_list_for_each_safe(sta, prev, &ap->sta, struct wps_er_sta, list) + wps_er_sta_free(sta); +} + + +static struct wps_er_ap * wps_er_ap_get(struct wps_er *er, + struct in_addr *addr, const u8 *uuid) +{ + struct wps_er_ap *ap; + dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { + if ((addr == NULL || ap->addr.s_addr == addr->s_addr) && + (uuid == NULL || + os_memcmp(uuid, ap->uuid, WPS_UUID_LEN) == 0)) + return ap; + } + return NULL; +} + + +static struct wps_er_ap * wps_er_ap_get_id(struct wps_er *er, unsigned int id) +{ + struct wps_er_ap *ap; + dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { + if (ap->id == id) + return ap; + } + return NULL; +} + + +static void wps_er_ap_event(struct wps_context *wps, struct wps_er_ap *ap, + enum wps_event event) +{ + union wps_event_data data; + struct wps_event_er_ap *evap = &data.ap; + + if (wps->event_cb == NULL) + return; + + os_memset(&data, 0, sizeof(data)); + evap->uuid = ap->uuid; + evap->friendly_name = ap->friendly_name; + evap->manufacturer = ap->manufacturer; + evap->manufacturer_url = ap->manufacturer_url; + evap->model_description = ap->model_description; + evap->model_name = ap->model_name; + evap->model_number = ap->model_number; + evap->model_url = ap->model_url; + evap->serial_number = ap->serial_number; + evap->upc = ap->upc; + evap->pri_dev_type = ap->pri_dev_type; + evap->wps_state = ap->wps_state; + evap->mac_addr = ap->mac_addr; + wps->event_cb(wps->cb_ctx, event, &data); +} + + +static void wps_er_ap_free(struct wps_er_ap *ap) +{ + http_client_free(ap->http); + ap->http = NULL; + + os_free(ap->location); + os_free(ap->friendly_name); + os_free(ap->manufacturer); + os_free(ap->manufacturer_url); + os_free(ap->model_description); + os_free(ap->model_name); + os_free(ap->model_number); + os_free(ap->model_url); + os_free(ap->serial_number); + os_free(ap->udn); + os_free(ap->upc); + + os_free(ap->scpd_url); + os_free(ap->control_url); + os_free(ap->event_sub_url); + + os_free(ap->ap_settings); + + os_free(ap); +} + + +static void wps_er_ap_unsubscribed(struct wps_er *er, struct wps_er_ap *ap) +{ + wpa_printf(MSG_DEBUG, "WPS ER: Unsubscribed from AP %s (%s)", + inet_ntoa(ap->addr), ap->location); + dl_list_del(&ap->list); + wps_er_ap_free(ap); + + if (er->deinitializing && dl_list_empty(&er->ap_unsubscribing)) { + eloop_cancel_timeout(wps_er_deinit_finish, er, NULL); + wps_er_deinit_finish(er, NULL); + } +} + + +static void wps_er_http_unsubscribe_cb(void *ctx, struct http_client *c, + enum http_client_event event) +{ + struct wps_er_ap *ap = ctx; + + switch (event) { + case HTTP_CLIENT_OK: + wpa_printf(MSG_DEBUG, "WPS ER: Unsubscribed from events"); + ap->subscribed = 0; + break; + case HTTP_CLIENT_FAILED: + case HTTP_CLIENT_INVALID_REPLY: + case HTTP_CLIENT_TIMEOUT: + wpa_printf(MSG_DEBUG, "WPS ER: Failed to unsubscribe from " + "events"); + break; + } + http_client_free(ap->http); + ap->http = NULL; + + /* + * Need to get rid of the AP entry regardless of whether we managed to + * unsubscribe cleanly or not. + */ + wps_er_ap_unsubscribed(ap->er, ap); +} + + +static void wps_er_ap_unsubscribe(struct wps_er *er, struct wps_er_ap *ap) +{ + struct wpabuf *req; + struct sockaddr_in dst; + char *url, *path; + char sid[100]; + + if (ap->event_sub_url == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: No eventSubURL - cannot " + "subscribe"); + goto fail; + } + if (ap->http) { + wpa_printf(MSG_DEBUG, "WPS ER: Pending HTTP request - cannot " + "send subscribe request"); + goto fail; + } + + url = http_client_url_parse(ap->event_sub_url, &dst, &path); + if (url == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse eventSubURL"); + goto fail; + } + + req = wpabuf_alloc(os_strlen(ap->event_sub_url) + 1000); + if (req == NULL) { + os_free(url); + goto fail; + } + uuid_bin2str(ap->sid, sid, sizeof(sid)); + wpabuf_printf(req, + "UNSUBSCRIBE %s HTTP/1.1\r\n" + "HOST: %s:%d\r\n" + "SID: uuid:%s\r\n" + "\r\n", + path, inet_ntoa(dst.sin_addr), ntohs(dst.sin_port), sid); + os_free(url); + wpa_hexdump_ascii(MSG_MSGDUMP, "WPS ER: Unsubscription request", + wpabuf_head(req), wpabuf_len(req)); + + ap->http = http_client_addr(&dst, req, 1000, + wps_er_http_unsubscribe_cb, ap); + if (ap->http == NULL) { + wpabuf_free(req); + goto fail; + } + return; + +fail: + /* + * Need to get rid of the AP entry even when we fail to unsubscribe + * cleanly. + */ + wps_er_ap_unsubscribed(ap->er, ap); +} + + +static struct wps_er_ap_settings * wps_er_ap_get_settings(struct wps_er *er, + const u8 *uuid) +{ + struct wps_er_ap_settings *s; + dl_list_for_each(s, &er->ap_settings, struct wps_er_ap_settings, list) + if (os_memcmp(uuid, s->uuid, WPS_UUID_LEN) == 0) + return s; + return NULL; +} + + +int wps_er_ap_cache_settings(struct wps_er *er, struct in_addr *addr) +{ + struct wps_er_ap *ap; + struct wps_er_ap_settings *settings; + + ap = wps_er_ap_get(er, addr, NULL); + if (ap == NULL || ap->ap_settings == NULL) + return -1; + + settings = wps_er_ap_get_settings(er, ap->uuid); + if (!settings) { + settings = os_zalloc(sizeof(*settings)); + if (settings == NULL) + return -1; + os_memcpy(settings->uuid, ap->uuid, WPS_UUID_LEN); + dl_list_add(&er->ap_settings, &settings->list); + } + os_memcpy(&settings->ap_settings, ap->ap_settings, + sizeof(struct wps_credential)); + + return 0; +} + + +static int wps_er_ap_use_cached_settings(struct wps_er *er, + struct wps_er_ap *ap) +{ + struct wps_er_ap_settings *s; + + if (ap->ap_settings) + return 0; + + s = wps_er_ap_get_settings(ap->er, ap->uuid); + if (!s) + return -1; + + ap->ap_settings = os_malloc(sizeof(*ap->ap_settings)); + if (ap->ap_settings == NULL) + return -1; + + os_memcpy(ap->ap_settings, &s->ap_settings, sizeof(*ap->ap_settings)); + wpa_printf(MSG_DEBUG, "WPS ER: Use cached AP settings"); + return 0; +} + + +static void wps_er_ap_remove_entry(struct wps_er *er, struct wps_er_ap *ap) +{ + wpa_printf(MSG_DEBUG, "WPS ER: Removing AP entry for %s (%s)", + inet_ntoa(ap->addr), ap->location); + eloop_cancel_timeout(wps_er_ap_timeout, er, ap); + wps_er_sta_remove_all(ap); + wps_er_ap_event(er->wps, ap, WPS_EV_ER_AP_REMOVE); + http_client_free(ap->http); + ap->http = NULL; + if (ap->wps) { + wps_deinit(ap->wps); + ap->wps = NULL; + } + + dl_list_del(&ap->list); + if (ap->subscribed) { + dl_list_add(&er->ap_unsubscribing, &ap->list); + wps_er_ap_unsubscribe(er, ap); + } else + wps_er_ap_free(ap); +} + + +static void wps_er_ap_timeout(void *eloop_data, void *user_ctx) +{ + struct wps_er *er = eloop_data; + struct wps_er_ap *ap = user_ctx; + wpa_printf(MSG_DEBUG, "WPS ER: AP advertisement timed out"); + wps_er_ap_remove_entry(er, ap); +} + + +static int wps_er_get_sid(struct wps_er_ap *ap, char *sid) +{ + char *pos; + char txt[100]; + + if (!sid) { + wpa_printf(MSG_DEBUG, "WPS ER: No SID received from %s (%s)", + inet_ntoa(ap->addr), ap->location); + return -1; + } + + pos = os_strstr(sid, "uuid:"); + if (!pos) { + wpa_printf(MSG_DEBUG, "WPS ER: Invalid SID received from " + "%s (%s): '%s'", inet_ntoa(ap->addr), ap->location, + sid); + return -1; + } + + pos += 5; + if (uuid_str2bin(pos, ap->sid) < 0) { + wpa_printf(MSG_DEBUG, "WPS ER: Invalid SID received from " + "%s (%s): '%s'", inet_ntoa(ap->addr), ap->location, + sid); + return -1; + } + + uuid_bin2str(ap->sid, txt, sizeof(txt)); + wpa_printf(MSG_DEBUG, "WPS ER: SID for subscription with %s (%s): %s", + inet_ntoa(ap->addr), ap->location, txt); + + return 0; +} + + +static void wps_er_http_subscribe_cb(void *ctx, struct http_client *c, + enum http_client_event event) +{ + struct wps_er_ap *ap = ctx; + + switch (event) { + case HTTP_CLIENT_OK: + wpa_printf(MSG_DEBUG, "WPS ER: Subscribed to events"); + ap->subscribed = 1; + wps_er_get_sid(ap, http_client_get_hdr_line(c, "SID")); + wps_er_ap_use_cached_settings(ap->er, ap); + wps_er_ap_event(ap->er->wps, ap, WPS_EV_ER_AP_ADD); + break; + case HTTP_CLIENT_FAILED: + case HTTP_CLIENT_INVALID_REPLY: + case HTTP_CLIENT_TIMEOUT: + wpa_printf(MSG_DEBUG, "WPS ER: Failed to subscribe to events"); + break; + } + http_client_free(ap->http); + ap->http = NULL; +} + + +static void wps_er_subscribe(struct wps_er_ap *ap) +{ + struct wpabuf *req; + struct sockaddr_in dst; + char *url, *path; + + if (ap->event_sub_url == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: No eventSubURL - cannot " + "subscribe"); + return; + } + if (ap->http) { + wpa_printf(MSG_DEBUG, "WPS ER: Pending HTTP request - cannot " + "send subscribe request"); + return; + } + + url = http_client_url_parse(ap->event_sub_url, &dst, &path); + if (url == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse eventSubURL"); + return; + } + + req = wpabuf_alloc(os_strlen(ap->event_sub_url) + 1000); + if (req == NULL) { + os_free(url); + return; + } + wpabuf_printf(req, + "SUBSCRIBE %s HTTP/1.1\r\n" + "HOST: %s:%d\r\n" + "CALLBACK: <http://%s:%d/event/%u/%u>\r\n" + "NT: upnp:event\r\n" + "TIMEOUT: Second-%d\r\n" + "\r\n", + path, inet_ntoa(dst.sin_addr), ntohs(dst.sin_port), + ap->er->ip_addr_text, ap->er->http_port, + ap->er->event_id, ap->id, 1800); + os_free(url); + wpa_hexdump_ascii(MSG_MSGDUMP, "WPS ER: Subscription request", + wpabuf_head(req), wpabuf_len(req)); + + ap->http = http_client_addr(&dst, req, 1000, wps_er_http_subscribe_cb, + ap); + if (ap->http == NULL) + wpabuf_free(req); +} + + +static void wps_er_ap_get_m1(struct wps_er_ap *ap, struct wpabuf *m1) +{ + struct wps_parse_attr attr; + + if (wps_parse_msg(m1, &attr) < 0) { + wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse M1"); + return; + } + if (attr.primary_dev_type) + os_memcpy(ap->pri_dev_type, attr.primary_dev_type, 8); + if (attr.wps_state) + ap->wps_state = *attr.wps_state; + if (attr.mac_addr) + os_memcpy(ap->mac_addr, attr.mac_addr, ETH_ALEN); + + wps_er_subscribe(ap); +} + + +static void wps_er_get_device_info(struct wps_er_ap *ap) +{ + wps_er_send_get_device_info(ap, wps_er_ap_get_m1); +} + + +static void wps_er_parse_device_description(struct wps_er_ap *ap, + struct wpabuf *reply) +{ + /* Note: reply includes null termination after the buffer data */ + const char *data = wpabuf_head(reply); + char *pos; + + wpa_hexdump_ascii(MSG_MSGDUMP, "WPS ER: Device info", + wpabuf_head(reply), wpabuf_len(reply)); + + ap->friendly_name = xml_get_first_item(data, "friendlyName"); + wpa_printf(MSG_DEBUG, "WPS ER: friendlyName='%s'", ap->friendly_name); + + ap->manufacturer = xml_get_first_item(data, "manufacturer"); + wpa_printf(MSG_DEBUG, "WPS ER: manufacturer='%s'", ap->manufacturer); + + ap->manufacturer_url = xml_get_first_item(data, "manufacturerURL"); + wpa_printf(MSG_DEBUG, "WPS ER: manufacturerURL='%s'", + ap->manufacturer_url); + + ap->model_description = xml_get_first_item(data, "modelDescription"); + wpa_printf(MSG_DEBUG, "WPS ER: modelDescription='%s'", + ap->model_description); + + ap->model_name = xml_get_first_item(data, "modelName"); + wpa_printf(MSG_DEBUG, "WPS ER: modelName='%s'", ap->model_name); + + ap->model_number = xml_get_first_item(data, "modelNumber"); + wpa_printf(MSG_DEBUG, "WPS ER: modelNumber='%s'", ap->model_number); + + ap->model_url = xml_get_first_item(data, "modelURL"); + wpa_printf(MSG_DEBUG, "WPS ER: modelURL='%s'", ap->model_url); + + ap->serial_number = xml_get_first_item(data, "serialNumber"); + wpa_printf(MSG_DEBUG, "WPS ER: serialNumber='%s'", ap->serial_number); + + ap->udn = xml_get_first_item(data, "UDN"); + wpa_printf(MSG_DEBUG, "WPS ER: UDN='%s'", ap->udn); + pos = os_strstr(ap->udn, "uuid:"); + if (pos) { + pos += 5; + if (uuid_str2bin(pos, ap->uuid) < 0) + wpa_printf(MSG_DEBUG, "WPS ER: Invalid UUID in UDN"); + } + + ap->upc = xml_get_first_item(data, "UPC"); + wpa_printf(MSG_DEBUG, "WPS ER: UPC='%s'", ap->upc); + + ap->scpd_url = http_link_update( + xml_get_first_item(data, "SCPDURL"), ap->location); + wpa_printf(MSG_DEBUG, "WPS ER: SCPDURL='%s'", ap->scpd_url); + + ap->control_url = http_link_update( + xml_get_first_item(data, "controlURL"), ap->location); + wpa_printf(MSG_DEBUG, "WPS ER: controlURL='%s'", ap->control_url); + + ap->event_sub_url = http_link_update( + xml_get_first_item(data, "eventSubURL"), ap->location); + wpa_printf(MSG_DEBUG, "WPS ER: eventSubURL='%s'", ap->event_sub_url); +} + + +static void wps_er_http_dev_desc_cb(void *ctx, struct http_client *c, + enum http_client_event event) +{ + struct wps_er_ap *ap = ctx; + struct wpabuf *reply; + int ok = 0; + + switch (event) { + case HTTP_CLIENT_OK: + reply = http_client_get_body(c); + if (reply == NULL) + break; + wps_er_parse_device_description(ap, reply); + ok = 1; + break; + case HTTP_CLIENT_FAILED: + case HTTP_CLIENT_INVALID_REPLY: + case HTTP_CLIENT_TIMEOUT: + wpa_printf(MSG_DEBUG, "WPS ER: Failed to fetch device info"); + break; + } + http_client_free(ap->http); + ap->http = NULL; + if (ok) + wps_er_get_device_info(ap); +} + + +void wps_er_ap_add(struct wps_er *er, const u8 *uuid, struct in_addr *addr, + const char *location, int max_age) +{ + struct wps_er_ap *ap; + + ap = wps_er_ap_get(er, addr, uuid); + if (ap) { + /* Update advertisement timeout */ + eloop_cancel_timeout(wps_er_ap_timeout, er, ap); + eloop_register_timeout(max_age, 0, wps_er_ap_timeout, er, ap); + return; + } + + ap = os_zalloc(sizeof(*ap)); + if (ap == NULL) + return; + dl_list_init(&ap->sta); + ap->er = er; + ap->id = ++er->next_ap_id; + ap->location = os_strdup(location); + if (ap->location == NULL) { + os_free(ap); + return; + } + dl_list_add(&er->ap, &ap->list); + + ap->addr.s_addr = addr->s_addr; + os_memcpy(ap->uuid, uuid, WPS_UUID_LEN); + eloop_register_timeout(max_age, 0, wps_er_ap_timeout, er, ap); + + wpa_printf(MSG_DEBUG, "WPS ER: Added AP entry for %s (%s)", + inet_ntoa(ap->addr), ap->location); + + /* Fetch device description */ + ap->http = http_client_url(ap->location, NULL, 10000, + wps_er_http_dev_desc_cb, ap); +} + + +void wps_er_ap_remove(struct wps_er *er, struct in_addr *addr) +{ + struct wps_er_ap *ap; + dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { + if (ap->addr.s_addr == addr->s_addr) { + wps_er_ap_remove_entry(er, ap); + return; + } + } +} + + +static void wps_er_ap_remove_all(struct wps_er *er) +{ + struct wps_er_ap *prev, *ap; + struct wps_er_ap_settings *prev_s, *s; + dl_list_for_each_safe(ap, prev, &er->ap, struct wps_er_ap, list) + wps_er_ap_remove_entry(er, ap); + dl_list_for_each_safe(s, prev_s, &er->ap_settings, + struct wps_er_ap_settings, list) + os_free(s); +} + + +static void http_put_date(struct wpabuf *buf) +{ + wpabuf_put_str(buf, "Date: "); + format_date(buf); + wpabuf_put_str(buf, "\r\n"); +} + + +static void wps_er_http_resp_not_found(struct http_request *req) +{ + struct wpabuf *buf; + buf = wpabuf_alloc(200); + if (buf == NULL) { + http_request_deinit(req); + return; + } + + wpabuf_put_str(buf, + "HTTP/1.1 404 Not Found\r\n" + "Server: unspecified, UPnP/1.0, unspecified\r\n" + "Connection: close\r\n"); + http_put_date(buf); + wpabuf_put_str(buf, "\r\n"); + http_request_send_and_deinit(req, buf); +} + + +static void wps_er_http_resp_ok(struct http_request *req) +{ + struct wpabuf *buf; + buf = wpabuf_alloc(200); + if (buf == NULL) { + http_request_deinit(req); + return; + } + + wpabuf_put_str(buf, + "HTTP/1.1 200 OK\r\n" + "Server: unspecified, UPnP/1.0, unspecified\r\n" + "Connection: close\r\n" + "Content-Length: 0\r\n"); + http_put_date(buf); + wpabuf_put_str(buf, "\r\n"); + http_request_send_and_deinit(req, buf); +} + + +static void wps_er_sta_timeout(void *eloop_data, void *user_ctx) +{ + struct wps_er_sta *sta = eloop_data; + wpa_printf(MSG_DEBUG, "WPS ER: STA entry timed out"); + dl_list_del(&sta->list); + wps_er_sta_free(sta); +} + + +static struct wps_er_sta * wps_er_add_sta_data(struct wps_er_ap *ap, + const u8 *addr, + struct wps_parse_attr *attr, + int probe_req) +{ + struct wps_er_sta *sta = wps_er_sta_get(ap, addr, NULL); + int new_sta = 0; + int m1; + + m1 = !probe_req && attr->msg_type && *attr->msg_type == WPS_M1; + + if (sta == NULL) { + /* + * Only allow new STA entry to be added based on Probe Request + * or M1. This will filter out bogus events and anything that + * may have been ongoing at the time ER subscribed for events. + */ + if (!probe_req && !m1) + return NULL; + + sta = os_zalloc(sizeof(*sta)); + if (sta == NULL) + return NULL; + os_memcpy(sta->addr, addr, ETH_ALEN); + sta->ap = ap; + dl_list_add(&ap->sta, &sta->list); + new_sta = 1; + } + + if (m1) + sta->m1_received = 1; + + if (attr->config_methods && (!probe_req || !sta->m1_received)) + sta->config_methods = WPA_GET_BE16(attr->config_methods); + if (attr->uuid_e && (!probe_req || !sta->m1_received)) + os_memcpy(sta->uuid, attr->uuid_e, WPS_UUID_LEN); + if (attr->primary_dev_type && (!probe_req || !sta->m1_received)) + os_memcpy(sta->pri_dev_type, attr->primary_dev_type, 8); + if (attr->dev_password_id && (!probe_req || !sta->m1_received)) + sta->dev_passwd_id = WPA_GET_BE16(attr->dev_password_id); + + if (attr->manufacturer) { + os_free(sta->manufacturer); + sta->manufacturer = os_malloc(attr->manufacturer_len + 1); + if (sta->manufacturer) { + os_memcpy(sta->manufacturer, attr->manufacturer, + attr->manufacturer_len); + sta->manufacturer[attr->manufacturer_len] = '\0'; + } + } + + if (attr->model_name) { + os_free(sta->model_name); + sta->model_name = os_malloc(attr->model_name_len + 1); + if (sta->model_name) { + os_memcpy(sta->model_name, attr->model_name, + attr->model_name_len); + sta->model_name[attr->model_name_len] = '\0'; + } + } + + if (attr->model_number) { + os_free(sta->model_number); + sta->model_number = os_malloc(attr->model_number_len + 1); + if (sta->model_number) { + os_memcpy(sta->model_number, attr->model_number, + attr->model_number_len); + sta->model_number[attr->model_number_len] = '\0'; + } + } + + if (attr->serial_number) { + os_free(sta->serial_number); + sta->serial_number = os_malloc(attr->serial_number_len + 1); + if (sta->serial_number) { + os_memcpy(sta->serial_number, attr->serial_number, + attr->serial_number_len); + sta->serial_number[attr->serial_number_len] = '\0'; + } + } + + if (attr->dev_name) { + os_free(sta->dev_name); + sta->dev_name = os_malloc(attr->dev_name_len + 1); + if (sta->dev_name) { + os_memcpy(sta->dev_name, attr->dev_name, + attr->dev_name_len); + sta->dev_name[attr->dev_name_len] = '\0'; + } + } + + eloop_cancel_timeout(wps_er_sta_timeout, sta, NULL); + eloop_register_timeout(300, 0, wps_er_sta_timeout, sta, NULL); + + if (m1 || new_sta) + wps_er_sta_event(ap->er->wps, sta, WPS_EV_ER_ENROLLEE_ADD); + + return sta; +} + + +static void wps_er_process_wlanevent_probe_req(struct wps_er_ap *ap, + const u8 *addr, + struct wpabuf *msg) +{ + struct wps_parse_attr attr; + + wpa_printf(MSG_DEBUG, "WPS ER: WLANEvent - Probe Request - from " + MACSTR, MAC2STR(addr)); + wpa_hexdump_buf(MSG_MSGDUMP, "WPS ER: WLANEvent - Enrollee's message " + "(TLVs from Probe Request)", msg); + + if (wps_validate_probe_req(msg, addr) < 0) { + wpa_printf(MSG_INFO, "WPS-STRICT: ER: Ignore invalid proxied " + "Probe Request frame from " MACSTR, MAC2STR(addr)); + return; + } + + if (wps_parse_msg(msg, &attr) < 0) { + wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse TLVs in " + "WLANEvent message"); + return; + } + + wps_er_add_sta_data(ap, addr, &attr, 1); + wps_registrar_probe_req_rx(ap->er->wps->registrar, addr, msg, 0); +} + + +static void wps_er_http_put_wlan_response_cb(void *ctx, struct http_client *c, + enum http_client_event event) +{ + struct wps_er_sta *sta = ctx; + + switch (event) { + case HTTP_CLIENT_OK: + wpa_printf(MSG_DEBUG, "WPS ER: PutWLANResponse OK"); + break; + case HTTP_CLIENT_FAILED: + case HTTP_CLIENT_INVALID_REPLY: + case HTTP_CLIENT_TIMEOUT: + wpa_printf(MSG_DEBUG, "WPS ER: PutWLANResponse failed"); + break; + } + http_client_free(sta->http); + sta->http = NULL; +} + + +static const char *soap_prefix = + "<?xml version=\"1.0\"?>\n" + "<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" " + "s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n" + "<s:Body>\n"; +static const char *soap_postfix = + "</s:Body>\n</s:Envelope>\n"; +static const char *urn_wfawlanconfig = + "urn:schemas-wifialliance-org:service:WFAWLANConfig:1"; + +static struct wpabuf * wps_er_soap_hdr(const struct wpabuf *msg, + const char *name, const char *arg_name, + const char *path, + const struct sockaddr_in *dst, + char **len_ptr, char **body_ptr) +{ + unsigned char *encoded; + size_t encoded_len; + struct wpabuf *buf; + + if (msg) { + encoded = base64_encode(wpabuf_head(msg), wpabuf_len(msg), + &encoded_len); + if (encoded == NULL) + return NULL; + } else { + encoded = NULL; + encoded_len = 0; + } + + buf = wpabuf_alloc(1000 + encoded_len); + if (buf == NULL) { + os_free(encoded); + return NULL; + } + + wpabuf_printf(buf, + "POST %s HTTP/1.1\r\n" + "Host: %s:%d\r\n" + "Content-Type: text/xml; charset=\"utf-8\"\r\n" + "Content-Length: ", + path, inet_ntoa(dst->sin_addr), ntohs(dst->sin_port)); + + *len_ptr = wpabuf_put(buf, 0); + wpabuf_printf(buf, + " \r\n" + "SOAPACTION: \"%s#%s\"\r\n" + "\r\n", + urn_wfawlanconfig, name); + + *body_ptr = wpabuf_put(buf, 0); + + wpabuf_put_str(buf, soap_prefix); + wpabuf_printf(buf, "<u:%s xmlns:u=\"", name); + wpabuf_put_str(buf, urn_wfawlanconfig); + wpabuf_put_str(buf, "\">\n"); + if (encoded) { + wpabuf_printf(buf, "<%s>%s</%s>\n", + arg_name, (char *) encoded, arg_name); + os_free(encoded); + } + + return buf; +} + + +static void wps_er_soap_end(struct wpabuf *buf, const char *name, + char *len_ptr, char *body_ptr) +{ + char len_buf[10]; + wpabuf_printf(buf, "</u:%s>\n", name); + wpabuf_put_str(buf, soap_postfix); + os_snprintf(len_buf, sizeof(len_buf), "%d", + (int) ((char *) wpabuf_put(buf, 0) - body_ptr)); + os_memcpy(len_ptr, len_buf, os_strlen(len_buf)); +} + + +static void wps_er_sta_send_msg(struct wps_er_sta *sta, struct wpabuf *msg) +{ + struct wpabuf *buf; + char *len_ptr, *body_ptr; + struct sockaddr_in dst; + char *url, *path; + + if (sta->http) { + wpa_printf(MSG_DEBUG, "WPS ER: Pending HTTP request for STA - " + "ignore new request"); + wpabuf_free(msg); + return; + } + + if (sta->ap->control_url == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: No controlURL for AP"); + wpabuf_free(msg); + return; + } + + url = http_client_url_parse(sta->ap->control_url, &dst, &path); + if (url == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse controlURL"); + wpabuf_free(msg); + return; + } + + buf = wps_er_soap_hdr(msg, "PutWLANResponse", "NewMessage", path, &dst, + &len_ptr, &body_ptr); + wpabuf_free(msg); + os_free(url); + if (buf == NULL) + return; + wpabuf_printf(buf, "<NewWLANEventType>%d</NewWLANEventType>\n", + UPNP_WPS_WLANEVENT_TYPE_EAP); + wpabuf_printf(buf, "<NewWLANEventMAC>" MACSTR "</NewWLANEventMAC>\n", + MAC2STR(sta->addr)); + + wps_er_soap_end(buf, "PutWLANResponse", len_ptr, body_ptr); + + sta->http = http_client_addr(&dst, buf, 1000, + wps_er_http_put_wlan_response_cb, sta); + if (sta->http == NULL) + wpabuf_free(buf); +} + + +static void wps_er_sta_process(struct wps_er_sta *sta, struct wpabuf *msg, + enum wsc_op_code op_code) +{ + enum wps_process_res res; + + res = wps_process_msg(sta->wps, op_code, msg); + if (res == WPS_CONTINUE) { + struct wpabuf *next = wps_get_msg(sta->wps, &op_code); + if (next) + wps_er_sta_send_msg(sta, next); + } else { + wpa_printf(MSG_DEBUG, "WPS ER: Protocol run %s with the " + "enrollee (res=%d)", + res == WPS_DONE ? "succeeded" : "failed", res); + wps_deinit(sta->wps); + sta->wps = NULL; + if (res == WPS_DONE) { + /* Remove the STA entry after short timeout */ + eloop_cancel_timeout(wps_er_sta_timeout, sta, NULL); + eloop_register_timeout(10, 0, wps_er_sta_timeout, sta, + NULL); + } + } +} + + +static void wps_er_sta_start(struct wps_er_sta *sta, struct wpabuf *msg) +{ + struct wps_config cfg; + + if (sta->wps) + wps_deinit(sta->wps); + + os_memset(&cfg, 0, sizeof(cfg)); + cfg.wps = sta->ap->er->wps; + cfg.registrar = 1; + cfg.peer_addr = sta->addr; + + sta->wps = wps_init(&cfg); + if (sta->wps == NULL) + return; + sta->wps->er = 1; + sta->wps->use_cred = sta->ap->ap_settings; + if (sta->ap->ap_settings) { + os_free(sta->cred); + sta->cred = os_malloc(sizeof(*sta->cred)); + if (sta->cred) { + os_memcpy(sta->cred, sta->ap->ap_settings, + sizeof(*sta->cred)); + sta->cred->cred_attr = NULL; + os_memcpy(sta->cred->mac_addr, sta->addr, ETH_ALEN); + sta->wps->use_cred = sta->cred; + } + } + + wps_er_sta_process(sta, msg, WSC_MSG); +} + + +static void wps_er_process_wlanevent_eap(struct wps_er_ap *ap, const u8 *addr, + struct wpabuf *msg) +{ + struct wps_parse_attr attr; + struct wps_er_sta *sta; + + wpa_printf(MSG_DEBUG, "WPS ER: WLANEvent - EAP - from " MACSTR, + MAC2STR(addr)); + wpa_hexdump_buf(MSG_MSGDUMP, "WPS ER: WLANEvent - Enrollee's message " + "(TLVs from EAP-WSC)", msg); + + if (wps_parse_msg(msg, &attr) < 0) { + wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse TLVs in " + "WLANEvent message"); + return; + } + + sta = wps_er_add_sta_data(ap, addr, &attr, 0); + if (sta == NULL) + return; + + if (attr.msg_type && *attr.msg_type == WPS_M1) + wps_er_sta_start(sta, msg); + else if (sta->wps) { + enum wsc_op_code op_code = WSC_MSG; + if (attr.msg_type) { + switch (*attr.msg_type) { + case WPS_WSC_ACK: + op_code = WSC_ACK; + break; + case WPS_WSC_NACK: + op_code = WSC_NACK; + break; + case WPS_WSC_DONE: + op_code = WSC_Done; + break; + } + } + wps_er_sta_process(sta, msg, op_code); + } +} + + +static void wps_er_process_wlanevent(struct wps_er_ap *ap, + struct wpabuf *event) +{ + u8 *data; + u8 wlan_event_type; + u8 wlan_event_mac[ETH_ALEN]; + struct wpabuf msg; + + wpa_hexdump(MSG_MSGDUMP, "WPS ER: Received WLANEvent", + wpabuf_head(event), wpabuf_len(event)); + if (wpabuf_len(event) < 1 + 17) { + wpa_printf(MSG_DEBUG, "WPS ER: Too short WLANEvent"); + return; + } + + data = wpabuf_mhead(event); + wlan_event_type = data[0]; + if (hwaddr_aton((char *) data + 1, wlan_event_mac) < 0) { + wpa_printf(MSG_DEBUG, "WPS ER: Invalid WLANEventMAC in " + "WLANEvent"); + return; + } + + wpabuf_set(&msg, data + 1 + 17, wpabuf_len(event) - (1 + 17)); + + switch (wlan_event_type) { + case 1: + wps_er_process_wlanevent_probe_req(ap, wlan_event_mac, &msg); + break; + case 2: + wps_er_process_wlanevent_eap(ap, wlan_event_mac, &msg); + break; + default: + wpa_printf(MSG_DEBUG, "WPS ER: Unknown WLANEventType %d", + wlan_event_type); + break; + } +} + + +static void wps_er_http_event(struct wps_er *er, struct http_request *req, + unsigned int ap_id) +{ + struct wps_er_ap *ap = wps_er_ap_get_id(er, ap_id); + struct wpabuf *event; + enum http_reply_code ret; + + if (ap == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: HTTP event from unknown AP id " + "%u", ap_id); + wps_er_http_resp_not_found(req); + return; + } + wpa_printf(MSG_MSGDUMP, "WPS ER: HTTP event from AP id %u: %s", + ap_id, http_request_get_data(req)); + + event = xml_get_base64_item(http_request_get_data(req), "WLANEvent", + &ret); + if (event == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: Could not extract WLANEvent " + "from the event notification"); + /* + * Reply with OK anyway to avoid getting unregistered from + * events. + */ + wps_er_http_resp_ok(req); + return; + } + + wps_er_process_wlanevent(ap, event); + + wpabuf_free(event); + wps_er_http_resp_ok(req); +} + + +static void wps_er_http_notify(struct wps_er *er, struct http_request *req) +{ + char *uri = http_request_get_uri(req); + + if (os_strncmp(uri, "/event/", 7) == 0) { + unsigned int event_id; + char *pos; + event_id = atoi(uri + 7); + if (event_id != er->event_id) { + wpa_printf(MSG_DEBUG, "WPS ER: HTTP event for an " + "unknown event id %u", event_id); + return; + } + pos = os_strchr(uri + 7, '/'); + if (pos == NULL) + return; + pos++; + wps_er_http_event(er, req, atoi(pos)); + } else { + wpa_printf(MSG_DEBUG, "WPS ER: Unknown HTTP NOTIFY for '%s'", + uri); + wps_er_http_resp_not_found(req); + } +} + + +static void wps_er_http_req(void *ctx, struct http_request *req) +{ + struct wps_er *er = ctx; + struct sockaddr_in *cli = http_request_get_cli_addr(req); + enum httpread_hdr_type type = http_request_get_type(req); + struct wpabuf *buf; + + wpa_printf(MSG_DEBUG, "WPS ER: HTTP request: '%s' (type %d) from " + "%s:%d", + http_request_get_uri(req), type, + inet_ntoa(cli->sin_addr), ntohs(cli->sin_port)); + + switch (type) { + case HTTPREAD_HDR_TYPE_NOTIFY: + wps_er_http_notify(er, req); + break; + default: + wpa_printf(MSG_DEBUG, "WPS ER: Unsupported HTTP request type " + "%d", type); + buf = wpabuf_alloc(200); + if (buf == NULL) { + http_request_deinit(req); + return; + } + wpabuf_put_str(buf, + "HTTP/1.1 501 Unimplemented\r\n" + "Connection: close\r\n"); + http_put_date(buf); + wpabuf_put_str(buf, "\r\n"); + http_request_send_and_deinit(req, buf); + break; + } +} + + +struct wps_er * +wps_er_init(struct wps_context *wps, const char *ifname, const char *filter) +{ + struct wps_er *er; + struct in_addr addr; + + er = os_zalloc(sizeof(*er)); + if (er == NULL) + return NULL; + dl_list_init(&er->ap); + dl_list_init(&er->ap_unsubscribing); + dl_list_init(&er->ap_settings); + + er->multicast_sd = -1; + er->ssdp_sd = -1; + + os_strlcpy(er->ifname, ifname, sizeof(er->ifname)); + er->wps = wps; + if (os_get_random((unsigned char *) &er->event_id, + sizeof(er->event_id)) < 0) { + wps_er_deinit(er, NULL, NULL); + return NULL; + } + /* Limit event_id to < 32 bits to avoid issues with atoi() */ + er->event_id &= 0x0fffffff; + + if (filter) { + if (inet_aton(filter, &er->filter_addr) == 0) { + wpa_printf(MSG_INFO, "WPS UPnP: Invalid filter " + "address %s", filter); + wps_er_deinit(er, NULL, NULL); + return NULL; + } + wpa_printf(MSG_DEBUG, "WPS UPnP: Only accepting connections " + "with %s", filter); + } + if (get_netif_info(ifname, &er->ip_addr, &er->ip_addr_text, + er->mac_addr)) { + wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address " + "for %s. Does it have IP address?", ifname); + wps_er_deinit(er, NULL, NULL); + return NULL; + } + + if (wps_er_ssdp_init(er) < 0) { + wpa_printf(MSG_INFO, "WPS UPnP: SSDP initialization failed"); + wps_er_deinit(er, NULL, NULL); + return NULL; + } + + addr.s_addr = er->ip_addr; + er->http_srv = http_server_init(&addr, -1, wps_er_http_req, er); + if (er->http_srv == NULL) { + wpa_printf(MSG_INFO, "WPS UPnP: HTTP initialization failed"); + wps_er_deinit(er, NULL, NULL); + return NULL; + } + er->http_port = http_server_get_port(er->http_srv); + + wpa_printf(MSG_DEBUG, "WPS ER: Start (ifname=%s ip_addr=%s)", + er->ifname, er->ip_addr_text); + + return er; +} + + +void wps_er_refresh(struct wps_er *er) +{ + struct wps_er_ap *ap; + struct wps_er_sta *sta; + + dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { + wps_er_ap_event(er->wps, ap, WPS_EV_ER_AP_ADD); + dl_list_for_each(sta, &ap->sta, struct wps_er_sta, list) + wps_er_sta_event(er->wps, sta, WPS_EV_ER_ENROLLEE_ADD); + } + + wps_er_send_ssdp_msearch(er); +} + + +static void wps_er_deinit_finish(void *eloop_data, void *user_ctx) +{ + struct wps_er *er = eloop_data; + void (*deinit_done_cb)(void *ctx); + void *deinit_done_ctx; + + wpa_printf(MSG_DEBUG, "WPS ER: Finishing deinit"); + + deinit_done_cb = er->deinit_done_cb; + deinit_done_ctx = er->deinit_done_ctx; + os_free(er->ip_addr_text); + os_free(er); + + if (deinit_done_cb) + deinit_done_cb(deinit_done_ctx); +} + + +void wps_er_deinit(struct wps_er *er, void (*cb)(void *ctx), void *ctx) +{ + if (er == NULL) + return; + http_server_deinit(er->http_srv); + wps_er_ap_remove_all(er); + wps_er_ssdp_deinit(er); + eloop_register_timeout(dl_list_empty(&er->ap_unsubscribing) ? 0 : 5, 0, + wps_er_deinit_finish, er, NULL); + wpa_printf(MSG_DEBUG, "WPS ER: Finish deinit from timeout"); + er->deinitializing = 1; + er->deinit_done_cb = cb; + er->deinit_done_ctx = ctx; +} + + +static void wps_er_http_set_sel_reg_cb(void *ctx, struct http_client *c, + enum http_client_event event) +{ + struct wps_er_ap *ap = ctx; + union wps_event_data data; + + os_memset(&data, 0, sizeof(data)); + + switch (event) { + case HTTP_CLIENT_OK: + wpa_printf(MSG_DEBUG, "WPS ER: SetSelectedRegistrar OK"); + data.set_sel_reg.state = WPS_ER_SET_SEL_REG_DONE; + data.set_sel_reg.uuid = ap->uuid; + break; + case HTTP_CLIENT_FAILED: + case HTTP_CLIENT_INVALID_REPLY: + case HTTP_CLIENT_TIMEOUT: + wpa_printf(MSG_DEBUG, "WPS ER: SetSelectedRegistrar failed"); + data.set_sel_reg.state = WPS_ER_SET_SEL_REG_FAILED; + data.set_sel_reg.uuid = ap->uuid; + break; + } + http_client_free(ap->http); + ap->http = NULL; + + if (data.set_sel_reg.uuid) + ap->er->wps->event_cb(ap->er->wps->cb_ctx, + WPS_EV_ER_SET_SELECTED_REGISTRAR, &data); +} + + +static void wps_er_send_set_sel_reg(struct wps_er_ap *ap, struct wpabuf *msg) +{ + struct wpabuf *buf; + char *len_ptr, *body_ptr; + struct sockaddr_in dst; + char *url, *path; + + if (ap->control_url == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: No controlURL for AP"); + return; + } + + if (ap->http) { + wpa_printf(MSG_DEBUG, "WPS ER: Pending HTTP request for AP - " + "ignore new request"); + return; + } + + if (ap->wps) { + wpa_printf(MSG_DEBUG, "WPS ER: Pending WPS operation for AP - " + "skip SetSelectedRegistrar"); + return; + } + + url = http_client_url_parse(ap->control_url, &dst, &path); + if (url == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse controlURL"); + return; + } + + buf = wps_er_soap_hdr(msg, "SetSelectedRegistrar", "NewMessage", path, + &dst, &len_ptr, &body_ptr); + os_free(url); + if (buf == NULL) + return; + + wps_er_soap_end(buf, "SetSelectedRegistrar", len_ptr, body_ptr); + + ap->http = http_client_addr(&dst, buf, 1000, + wps_er_http_set_sel_reg_cb, ap); + if (ap->http == NULL) + wpabuf_free(buf); +} + + +static int wps_er_build_selected_registrar(struct wpabuf *msg, int sel_reg) +{ + wpabuf_put_be16(msg, ATTR_SELECTED_REGISTRAR); + wpabuf_put_be16(msg, 1); + wpabuf_put_u8(msg, !!sel_reg); + return 0; +} + + +static int wps_er_build_dev_password_id(struct wpabuf *msg, u16 dev_passwd_id) +{ + wpabuf_put_be16(msg, ATTR_DEV_PASSWORD_ID); + wpabuf_put_be16(msg, 2); + wpabuf_put_be16(msg, dev_passwd_id); + return 0; +} + + +static int wps_er_build_sel_reg_config_methods(struct wpabuf *msg, + u16 sel_reg_config_methods) +{ + wpabuf_put_be16(msg, ATTR_SELECTED_REGISTRAR_CONFIG_METHODS); + wpabuf_put_be16(msg, 2); + wpabuf_put_be16(msg, sel_reg_config_methods); + return 0; +} + + +static int wps_er_build_uuid_r(struct wpabuf *msg, const u8 *uuid_r) +{ +#ifdef CONFIG_WPS2 + wpabuf_put_be16(msg, ATTR_UUID_R); + wpabuf_put_be16(msg, WPS_UUID_LEN); + wpabuf_put_data(msg, uuid_r, WPS_UUID_LEN); +#endif /* CONFIG_WPS2 */ + return 0; +} + + +void wps_er_set_sel_reg(struct wps_er *er, int sel_reg, u16 dev_passwd_id, + u16 sel_reg_config_methods) +{ + struct wpabuf *msg; + struct wps_er_ap *ap; + struct wps_registrar *reg = er->wps->registrar; + const u8 *auth_macs; +#ifdef CONFIG_WPS2 + u8 bcast[ETH_ALEN]; +#endif /* CONFIG_WPS2 */ + size_t count; + union wps_event_data data; + + if (er->skip_set_sel_reg) { + wpa_printf(MSG_DEBUG, "WPS ER: Skip SetSelectedRegistrar"); + return; + } + + msg = wpabuf_alloc(500); + if (msg == NULL) + return; + + auth_macs = wps_authorized_macs(reg, &count); +#ifdef CONFIG_WPS2 + if (count == 0) { + os_memset(bcast, 0xff, ETH_ALEN); + auth_macs = bcast; + count = 1; + } +#endif /* CONFIG_WPS2 */ + + if (wps_build_version(msg) || + wps_er_build_selected_registrar(msg, sel_reg) || + wps_er_build_dev_password_id(msg, dev_passwd_id) || + wps_er_build_sel_reg_config_methods(msg, sel_reg_config_methods) || + wps_build_wfa_ext(msg, 0, auth_macs, count) || + wps_er_build_uuid_r(msg, er->wps->uuid)) { + wpabuf_free(msg); + return; + } + + os_memset(&data, 0, sizeof(data)); + data.set_sel_reg.sel_reg = sel_reg; + data.set_sel_reg.dev_passwd_id = dev_passwd_id; + data.set_sel_reg.sel_reg_config_methods = sel_reg_config_methods; + data.set_sel_reg.state = WPS_ER_SET_SEL_REG_START; + + dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { + if (er->set_sel_reg_uuid_filter && + os_memcmp(ap->uuid, er->set_sel_reg_uuid_filter, + WPS_UUID_LEN) != 0) + continue; + data.set_sel_reg.uuid = ap->uuid; + er->wps->event_cb(er->wps->cb_ctx, + WPS_EV_ER_SET_SELECTED_REGISTRAR, &data); + wps_er_send_set_sel_reg(ap, msg); + } + + wpabuf_free(msg); +} + + +int wps_er_pbc(struct wps_er *er, const u8 *uuid) +{ + int res; + struct wps_er_ap *ap; + + if (er == NULL || er->wps == NULL) + return -1; + + if (wps_registrar_pbc_overlap(er->wps->registrar, NULL, NULL)) { + wpa_printf(MSG_DEBUG, "WPS ER: PBC overlap - do not start PBC " + "mode"); + return -2; + } + + ap = wps_er_ap_get(er, NULL, uuid); + if (ap == NULL) { + struct wps_er_sta *sta = NULL; + dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { + sta = wps_er_sta_get(ap, NULL, uuid); + if (sta) { + uuid = ap->uuid; + break; + } + } + if (sta == NULL) + return -3; /* Unknown UUID */ + } + + if (ap->ap_settings == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: AP settings not known"); + return -4; + } + + er->set_sel_reg_uuid_filter = uuid; + res = wps_registrar_button_pushed(er->wps->registrar, NULL); + er->set_sel_reg_uuid_filter = NULL; + if (res) + return -1; + + return 0; +} + + +static void wps_er_ap_settings_cb(void *ctx, const struct wps_credential *cred) +{ + struct wps_er_ap *ap = ctx; + union wps_event_data data; + + wpa_printf(MSG_DEBUG, "WPS ER: AP Settings received"); + os_free(ap->ap_settings); + ap->ap_settings = os_malloc(sizeof(*cred)); + if (ap->ap_settings) { + os_memcpy(ap->ap_settings, cred, sizeof(*cred)); + ap->ap_settings->cred_attr = NULL; + } + + os_memset(&data, 0, sizeof(data)); + data.ap_settings.uuid = ap->uuid; + data.ap_settings.cred = cred; + ap->er->wps->event_cb(ap->er->wps->cb_ctx, WPS_EV_ER_AP_SETTINGS, + &data); +} + + +static void wps_er_http_put_message_cb(void *ctx, struct http_client *c, + enum http_client_event event) +{ + struct wps_er_ap *ap = ctx; + struct wpabuf *reply; + char *msg = NULL; + + switch (event) { + case HTTP_CLIENT_OK: + wpa_printf(MSG_DEBUG, "WPS ER: PutMessage OK"); + reply = http_client_get_body(c); + if (reply == NULL) + break; + msg = os_zalloc(wpabuf_len(reply) + 1); + if (msg == NULL) + break; + os_memcpy(msg, wpabuf_head(reply), wpabuf_len(reply)); + break; + case HTTP_CLIENT_FAILED: + case HTTP_CLIENT_INVALID_REPLY: + case HTTP_CLIENT_TIMEOUT: + wpa_printf(MSG_DEBUG, "WPS ER: PutMessage failed"); + if (ap->wps) { + wps_deinit(ap->wps); + ap->wps = NULL; + } + break; + } + http_client_free(ap->http); + ap->http = NULL; + + if (msg) { + struct wpabuf *buf; + enum http_reply_code ret; + buf = xml_get_base64_item(msg, "NewOutMessage", &ret); + os_free(msg); + if (buf == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: Could not extract " + "NewOutMessage from PutMessage response"); + wps_deinit(ap->wps); + ap->wps = NULL; + return; + } + wps_er_ap_process(ap, buf); + wpabuf_free(buf); + } +} + + +static void wps_er_ap_put_message(struct wps_er_ap *ap, + const struct wpabuf *msg) +{ + struct wpabuf *buf; + char *len_ptr, *body_ptr; + struct sockaddr_in dst; + char *url, *path; + + if (ap->http) { + wpa_printf(MSG_DEBUG, "WPS ER: Pending HTTP operation ongoing " + "with the AP - cannot continue learn"); + return; + } + + if (ap->control_url == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: No controlURL for AP"); + return; + } + + url = http_client_url_parse(ap->control_url, &dst, &path); + if (url == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse controlURL"); + return; + } + + buf = wps_er_soap_hdr(msg, "PutMessage", "NewInMessage", path, &dst, + &len_ptr, &body_ptr); + os_free(url); + if (buf == NULL) + return; + + wps_er_soap_end(buf, "PutMessage", len_ptr, body_ptr); + + ap->http = http_client_addr(&dst, buf, 10000, + wps_er_http_put_message_cb, ap); + if (ap->http == NULL) + wpabuf_free(buf); +} + + +static void wps_er_ap_process(struct wps_er_ap *ap, struct wpabuf *msg) +{ + enum wps_process_res res; + struct wps_parse_attr attr; + enum wsc_op_code op_code; + + op_code = WSC_MSG; + if (wps_parse_msg(msg, &attr) == 0 && attr.msg_type) { + switch (*attr.msg_type) { + case WPS_WSC_ACK: + op_code = WSC_ACK; + break; + case WPS_WSC_NACK: + op_code = WSC_NACK; + break; + case WPS_WSC_DONE: + op_code = WSC_Done; + break; + } + } + + res = wps_process_msg(ap->wps, op_code, msg); + if (res == WPS_CONTINUE) { + struct wpabuf *next = wps_get_msg(ap->wps, &op_code); + if (next) { + wps_er_ap_put_message(ap, next); + wpabuf_free(next); + } else { + wpa_printf(MSG_DEBUG, "WPS ER: Failed to build " + "message"); + wps_deinit(ap->wps); + ap->wps = NULL; + } + } else if (res == WPS_DONE) { + wpa_printf(MSG_DEBUG, "WPS ER: Protocol run done"); + wps_deinit(ap->wps); + ap->wps = NULL; + } else { + wpa_printf(MSG_DEBUG, "WPS ER: Failed to process message from " + "AP (res=%d)", res); + wps_deinit(ap->wps); + ap->wps = NULL; + } +} + + +static void wps_er_ap_learn_m1(struct wps_er_ap *ap, struct wpabuf *m1) +{ + struct wps_config cfg; + + if (ap->wps) { + wpa_printf(MSG_DEBUG, "WPS ER: Protocol run already in " + "progress with this AP"); + return; + } + + os_memset(&cfg, 0, sizeof(cfg)); + cfg.wps = ap->er->wps; + cfg.registrar = 1; + ap->wps = wps_init(&cfg); + if (ap->wps == NULL) + return; + ap->wps->ap_settings_cb = wps_er_ap_settings_cb; + ap->wps->ap_settings_cb_ctx = ap; + + wps_er_ap_process(ap, m1); +} + + +static void wps_er_ap_learn(struct wps_er_ap *ap, const char *dev_info) +{ + struct wpabuf *info; + enum http_reply_code ret; + + wpa_printf(MSG_DEBUG, "WPS ER: Received GetDeviceInfo response (M1) " + "from the AP"); + info = xml_get_base64_item(dev_info, "NewDeviceInfo", &ret); + if (info == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: Could not extract " + "NewDeviceInfo from GetDeviceInfo response"); + return; + } + + ap->m1_handler(ap, info); + wpabuf_free(info); +} + + +static void wps_er_http_get_dev_info_cb(void *ctx, struct http_client *c, + enum http_client_event event) +{ + struct wps_er_ap *ap = ctx; + struct wpabuf *reply; + char *dev_info = NULL; + + switch (event) { + case HTTP_CLIENT_OK: + wpa_printf(MSG_DEBUG, "WPS ER: GetDeviceInfo OK"); + reply = http_client_get_body(c); + if (reply == NULL) + break; + dev_info = os_zalloc(wpabuf_len(reply) + 1); + if (dev_info == NULL) + break; + os_memcpy(dev_info, wpabuf_head(reply), wpabuf_len(reply)); + break; + case HTTP_CLIENT_FAILED: + case HTTP_CLIENT_INVALID_REPLY: + case HTTP_CLIENT_TIMEOUT: + wpa_printf(MSG_DEBUG, "WPS ER: GetDeviceInfo failed"); + break; + } + http_client_free(ap->http); + ap->http = NULL; + + if (dev_info) { + wps_er_ap_learn(ap, dev_info); + os_free(dev_info); + } +} + + +static int wps_er_send_get_device_info(struct wps_er_ap *ap, + void (*m1_handler)(struct wps_er_ap *ap, + struct wpabuf *m1)) +{ + struct wpabuf *buf; + char *len_ptr, *body_ptr; + struct sockaddr_in dst; + char *url, *path; + + if (ap->http) { + wpa_printf(MSG_DEBUG, "WPS ER: Pending HTTP operation ongoing " + "with the AP - cannot get device info"); + return -1; + } + + if (ap->control_url == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: No controlURL for AP"); + return -1; + } + + url = http_client_url_parse(ap->control_url, &dst, &path); + if (url == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse controlURL"); + return -1; + } + + buf = wps_er_soap_hdr(NULL, "GetDeviceInfo", NULL, path, &dst, + &len_ptr, &body_ptr); + os_free(url); + if (buf == NULL) + return -1; + + wps_er_soap_end(buf, "GetDeviceInfo", len_ptr, body_ptr); + + ap->http = http_client_addr(&dst, buf, 10000, + wps_er_http_get_dev_info_cb, ap); + if (ap->http == NULL) { + wpabuf_free(buf); + return -1; + } + + ap->m1_handler = m1_handler; + + return 0; +} + + +int wps_er_learn(struct wps_er *er, const u8 *uuid, const u8 *pin, + size_t pin_len) +{ + struct wps_er_ap *ap; + + if (er == NULL) + return -1; + + ap = wps_er_ap_get(er, NULL, uuid); + if (ap == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: AP not found for learn " + "request"); + return -1; + } + if (ap->wps) { + wpa_printf(MSG_DEBUG, "WPS ER: Pending operation ongoing " + "with the AP - cannot start learn"); + return -1; + } + + if (wps_er_send_get_device_info(ap, wps_er_ap_learn_m1) < 0) + return -1; + + er->skip_set_sel_reg = 1; + wps_registrar_add_pin(er->wps->registrar, NULL, uuid, pin, pin_len, 0); + er->skip_set_sel_reg = 0; + + return 0; +} + + +int wps_er_set_config(struct wps_er *er, const u8 *uuid, + const struct wps_credential *cred) +{ + struct wps_er_ap *ap; + + if (er == NULL) + return -1; + + ap = wps_er_ap_get(er, NULL, uuid); + if (ap == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: AP not found for set config " + "request"); + return -1; + } + + os_free(ap->ap_settings); + ap->ap_settings = os_malloc(sizeof(*cred)); + if (ap->ap_settings == NULL) + return -1; + os_memcpy(ap->ap_settings, cred, sizeof(*cred)); + ap->ap_settings->cred_attr = NULL; + wpa_printf(MSG_DEBUG, "WPS ER: Updated local AP settings based set " + "config request"); + + return 0; +} + + +static void wps_er_ap_config_m1(struct wps_er_ap *ap, struct wpabuf *m1) +{ + struct wps_config cfg; + + if (ap->wps) { + wpa_printf(MSG_DEBUG, "WPS ER: Protocol run already in " + "progress with this AP"); + return; + } + + os_memset(&cfg, 0, sizeof(cfg)); + cfg.wps = ap->er->wps; + cfg.registrar = 1; + cfg.new_ap_settings = ap->ap_settings; + ap->wps = wps_init(&cfg); + if (ap->wps == NULL) + return; + ap->wps->ap_settings_cb = NULL; + ap->wps->ap_settings_cb_ctx = NULL; + + wps_er_ap_process(ap, m1); +} + + +int wps_er_config(struct wps_er *er, const u8 *uuid, const u8 *pin, + size_t pin_len, const struct wps_credential *cred) +{ + struct wps_er_ap *ap; + + if (er == NULL) + return -1; + + ap = wps_er_ap_get(er, NULL, uuid); + if (ap == NULL) { + wpa_printf(MSG_DEBUG, "WPS ER: AP not found for config " + "request"); + return -1; + } + if (ap->wps) { + wpa_printf(MSG_DEBUG, "WPS ER: Pending operation ongoing " + "with the AP - cannot start config"); + return -1; + } + + os_free(ap->ap_settings); + ap->ap_settings = os_malloc(sizeof(*cred)); + if (ap->ap_settings == NULL) + return -1; + os_memcpy(ap->ap_settings, cred, sizeof(*cred)); + ap->ap_settings->cred_attr = NULL; + + if (wps_er_send_get_device_info(ap, wps_er_ap_config_m1) < 0) + return -1; + + er->skip_set_sel_reg = 1; + wps_registrar_add_pin(er->wps->registrar, NULL, uuid, pin, pin_len, 0); + er->skip_set_sel_reg = 0; + + return 0; +} |