1 /* 2 * Wi-Fi Protected Setup - External Registrar 3 * Copyright (c) 2009-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "base64.h" 13 #include "uuid.h" 14 #include "eloop.h" 15 #include "httpread.h" 16 #include "http_client.h" 17 #include "http_server.h" 18 #include "upnp_xml.h" 19 #include "wps_i.h" 20 #include "wps_upnp.h" 21 #include "wps_upnp_i.h" 22 #include "wps_er.h" 23 24 25 static void wps_er_deinit_finish(void *eloop_data, void *user_ctx); 26 static void wps_er_ap_timeout(void *eloop_data, void *user_ctx); 27 static void wps_er_sta_timeout(void *eloop_data, void *user_ctx); 28 static void wps_er_ap_process(struct wps_er_ap *ap, struct wpabuf *msg); 29 static int wps_er_send_get_device_info(struct wps_er_ap *ap, 30 void (*m1_handler)(struct wps_er_ap *ap, 31 struct wpabuf *m1)); 32 33 34 static void wps_er_sta_event(struct wps_context *wps, struct wps_er_sta *sta, 35 enum wps_event event) 36 { 37 union wps_event_data data; 38 struct wps_event_er_enrollee *ev = &data.enrollee; 39 40 if (wps->event_cb == NULL) 41 return; 42 43 os_memset(&data, 0, sizeof(data)); 44 ev->uuid = sta->uuid; 45 ev->mac_addr = sta->addr; 46 ev->m1_received = sta->m1_received; 47 ev->config_methods = sta->config_methods; 48 ev->dev_passwd_id = sta->dev_passwd_id; 49 ev->pri_dev_type = sta->pri_dev_type; 50 ev->dev_name = sta->dev_name; 51 ev->manufacturer = sta->manufacturer; 52 ev->model_name = sta->model_name; 53 ev->model_number = sta->model_number; 54 ev->serial_number = sta->serial_number; 55 wps->event_cb(wps->cb_ctx, event, &data); 56 } 57 58 59 static struct wps_er_sta * wps_er_sta_get(struct wps_er_ap *ap, const u8 *addr, 60 const u8 *uuid) 61 { 62 struct wps_er_sta *sta; 63 dl_list_for_each(sta, &ap->sta, struct wps_er_sta, list) { 64 if ((addr == NULL || 65 os_memcmp(sta->addr, addr, ETH_ALEN) == 0) && 66 (uuid == NULL || 67 os_memcmp(uuid, sta->uuid, WPS_UUID_LEN) == 0)) 68 return sta; 69 } 70 return NULL; 71 } 72 73 74 static void wps_er_sta_free(struct wps_er_sta *sta) 75 { 76 wps_er_sta_event(sta->ap->er->wps, sta, WPS_EV_ER_ENROLLEE_REMOVE); 77 if (sta->wps) 78 wps_deinit(sta->wps); 79 os_free(sta->manufacturer); 80 os_free(sta->model_name); 81 os_free(sta->model_number); 82 os_free(sta->serial_number); 83 os_free(sta->dev_name); 84 http_client_free(sta->http); 85 eloop_cancel_timeout(wps_er_sta_timeout, sta, NULL); 86 os_free(sta->cred); 87 os_free(sta); 88 } 89 90 91 static void wps_er_sta_remove_all(struct wps_er_ap *ap) 92 { 93 struct wps_er_sta *prev, *sta; 94 dl_list_for_each_safe(sta, prev, &ap->sta, struct wps_er_sta, list) 95 wps_er_sta_free(sta); 96 } 97 98 99 static struct wps_er_ap * wps_er_ap_get(struct wps_er *er, 100 struct in_addr *addr, const u8 *uuid, 101 const u8 *mac_addr) 102 { 103 struct wps_er_ap *ap; 104 dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { 105 if ((addr == NULL || ap->addr.s_addr == addr->s_addr) && 106 (uuid == NULL || 107 os_memcmp(uuid, ap->uuid, WPS_UUID_LEN) == 0) && 108 (mac_addr == NULL || 109 os_memcmp(mac_addr, ap->mac_addr, ETH_ALEN) == 0)) 110 return ap; 111 } 112 return NULL; 113 } 114 115 116 static struct wps_er_ap * wps_er_ap_get_id(struct wps_er *er, unsigned int id) 117 { 118 struct wps_er_ap *ap; 119 dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { 120 if (ap->id == id) 121 return ap; 122 } 123 return NULL; 124 } 125 126 127 static void wps_er_ap_event(struct wps_context *wps, struct wps_er_ap *ap, 128 enum wps_event event) 129 { 130 union wps_event_data data; 131 struct wps_event_er_ap *evap = &data.ap; 132 133 if (wps->event_cb == NULL) 134 return; 135 136 os_memset(&data, 0, sizeof(data)); 137 evap->uuid = ap->uuid; 138 evap->friendly_name = ap->friendly_name; 139 evap->manufacturer = ap->manufacturer; 140 evap->manufacturer_url = ap->manufacturer_url; 141 evap->model_description = ap->model_description; 142 evap->model_name = ap->model_name; 143 evap->model_number = ap->model_number; 144 evap->model_url = ap->model_url; 145 evap->serial_number = ap->serial_number; 146 evap->upc = ap->upc; 147 evap->pri_dev_type = ap->pri_dev_type; 148 evap->wps_state = ap->wps_state; 149 evap->mac_addr = ap->mac_addr; 150 wps->event_cb(wps->cb_ctx, event, &data); 151 } 152 153 154 static void wps_er_ap_free(struct wps_er_ap *ap) 155 { 156 http_client_free(ap->http); 157 ap->http = NULL; 158 159 os_free(ap->location); 160 os_free(ap->friendly_name); 161 os_free(ap->manufacturer); 162 os_free(ap->manufacturer_url); 163 os_free(ap->model_description); 164 os_free(ap->model_name); 165 os_free(ap->model_number); 166 os_free(ap->model_url); 167 os_free(ap->serial_number); 168 os_free(ap->udn); 169 os_free(ap->upc); 170 171 os_free(ap->scpd_url); 172 os_free(ap->control_url); 173 os_free(ap->event_sub_url); 174 175 os_free(ap->ap_settings); 176 177 os_free(ap); 178 } 179 180 181 static void wps_er_ap_unsubscribed(struct wps_er *er, struct wps_er_ap *ap) 182 { 183 wpa_printf(MSG_DEBUG, "WPS ER: Unsubscribed from AP %s (%s)", 184 inet_ntoa(ap->addr), ap->location); 185 dl_list_del(&ap->list); 186 wps_er_ap_free(ap); 187 188 if (er->deinitializing && dl_list_empty(&er->ap_unsubscribing)) 189 wps_er_deinit_finish(er, NULL); 190 } 191 192 193 static void wps_er_http_unsubscribe_cb(void *ctx, struct http_client *c, 194 enum http_client_event event) 195 { 196 struct wps_er_ap *ap = ctx; 197 198 switch (event) { 199 case HTTP_CLIENT_OK: 200 wpa_printf(MSG_DEBUG, "WPS ER: Unsubscribed from events"); 201 ap->subscribed = 0; 202 break; 203 case HTTP_CLIENT_FAILED: 204 case HTTP_CLIENT_INVALID_REPLY: 205 case HTTP_CLIENT_TIMEOUT: 206 wpa_printf(MSG_DEBUG, "WPS ER: Failed to unsubscribe from " 207 "events"); 208 break; 209 } 210 http_client_free(ap->http); 211 ap->http = NULL; 212 213 /* 214 * Need to get rid of the AP entry regardless of whether we managed to 215 * unsubscribe cleanly or not. 216 */ 217 wps_er_ap_unsubscribed(ap->er, ap); 218 } 219 220 221 static void wps_er_ap_unsubscribe(struct wps_er *er, struct wps_er_ap *ap) 222 { 223 struct wpabuf *req; 224 struct sockaddr_in dst; 225 char *url, *path; 226 char sid[100]; 227 228 if (ap->event_sub_url == NULL) { 229 wpa_printf(MSG_DEBUG, "WPS ER: No eventSubURL - cannot " 230 "subscribe"); 231 goto fail; 232 } 233 if (ap->http) { 234 wpa_printf(MSG_DEBUG, "WPS ER: Pending HTTP request - cannot " 235 "send subscribe request"); 236 goto fail; 237 } 238 239 url = http_client_url_parse(ap->event_sub_url, &dst, &path); 240 if (url == NULL) { 241 wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse eventSubURL"); 242 goto fail; 243 } 244 245 req = wpabuf_alloc(os_strlen(ap->event_sub_url) + 1000); 246 if (req == NULL) { 247 os_free(url); 248 goto fail; 249 } 250 uuid_bin2str(ap->sid, sid, sizeof(sid)); 251 wpabuf_printf(req, 252 "UNSUBSCRIBE %s HTTP/1.1\r\n" 253 "HOST: %s:%d\r\n" 254 "SID: uuid:%s\r\n" 255 "\r\n", 256 path, inet_ntoa(dst.sin_addr), ntohs(dst.sin_port), sid); 257 os_free(url); 258 wpa_hexdump_ascii(MSG_MSGDUMP, "WPS ER: Unsubscription request", 259 wpabuf_head(req), wpabuf_len(req)); 260 261 ap->http = http_client_addr(&dst, req, 1000, 262 wps_er_http_unsubscribe_cb, ap); 263 if (ap->http == NULL) { 264 wpabuf_free(req); 265 goto fail; 266 } 267 return; 268 269 fail: 270 /* 271 * Need to get rid of the AP entry even when we fail to unsubscribe 272 * cleanly. 273 */ 274 wps_er_ap_unsubscribed(ap->er, ap); 275 } 276 277 278 static struct wps_er_ap_settings * wps_er_ap_get_settings(struct wps_er *er, 279 const u8 *uuid) 280 { 281 struct wps_er_ap_settings *s; 282 dl_list_for_each(s, &er->ap_settings, struct wps_er_ap_settings, list) 283 if (os_memcmp(uuid, s->uuid, WPS_UUID_LEN) == 0) 284 return s; 285 return NULL; 286 } 287 288 289 int wps_er_ap_cache_settings(struct wps_er *er, struct in_addr *addr) 290 { 291 struct wps_er_ap *ap; 292 struct wps_er_ap_settings *settings; 293 294 ap = wps_er_ap_get(er, addr, NULL, NULL); 295 if (ap == NULL || ap->ap_settings == NULL) 296 return -1; 297 298 settings = wps_er_ap_get_settings(er, ap->uuid); 299 if (!settings) { 300 settings = os_zalloc(sizeof(*settings)); 301 if (settings == NULL) 302 return -1; 303 os_memcpy(settings->uuid, ap->uuid, WPS_UUID_LEN); 304 dl_list_add(&er->ap_settings, &settings->list); 305 } 306 os_memcpy(&settings->ap_settings, ap->ap_settings, 307 sizeof(struct wps_credential)); 308 309 return 0; 310 } 311 312 313 static int wps_er_ap_use_cached_settings(struct wps_er *er, 314 struct wps_er_ap *ap) 315 { 316 struct wps_er_ap_settings *s; 317 318 if (ap->ap_settings) 319 return 0; 320 321 s = wps_er_ap_get_settings(ap->er, ap->uuid); 322 if (!s) 323 return -1; 324 325 ap->ap_settings = os_malloc(sizeof(*ap->ap_settings)); 326 if (ap->ap_settings == NULL) 327 return -1; 328 329 os_memcpy(ap->ap_settings, &s->ap_settings, sizeof(*ap->ap_settings)); 330 wpa_printf(MSG_DEBUG, "WPS ER: Use cached AP settings"); 331 return 0; 332 } 333 334 335 static void wps_er_ap_remove_entry(struct wps_er *er, struct wps_er_ap *ap) 336 { 337 wpa_printf(MSG_DEBUG, "WPS ER: Removing AP entry for %s (%s)", 338 inet_ntoa(ap->addr), ap->location); 339 eloop_cancel_timeout(wps_er_ap_timeout, er, ap); 340 wps_er_sta_remove_all(ap); 341 wps_er_ap_event(er->wps, ap, WPS_EV_ER_AP_REMOVE); 342 http_client_free(ap->http); 343 ap->http = NULL; 344 if (ap->wps) { 345 wps_deinit(ap->wps); 346 ap->wps = NULL; 347 } 348 349 dl_list_del(&ap->list); 350 if (ap->subscribed) { 351 dl_list_add(&er->ap_unsubscribing, &ap->list); 352 wps_er_ap_unsubscribe(er, ap); 353 } else 354 wps_er_ap_free(ap); 355 } 356 357 358 static void wps_er_ap_timeout(void *eloop_data, void *user_ctx) 359 { 360 struct wps_er *er = eloop_data; 361 struct wps_er_ap *ap = user_ctx; 362 wpa_printf(MSG_DEBUG, "WPS ER: AP advertisement timed out"); 363 wps_er_ap_remove_entry(er, ap); 364 } 365 366 367 static int wps_er_get_sid(struct wps_er_ap *ap, char *sid) 368 { 369 char *pos; 370 char txt[100]; 371 372 if (!sid) { 373 wpa_printf(MSG_DEBUG, "WPS ER: No SID received from %s (%s)", 374 inet_ntoa(ap->addr), ap->location); 375 return -1; 376 } 377 378 pos = os_strstr(sid, "uuid:"); 379 if (!pos) { 380 wpa_printf(MSG_DEBUG, "WPS ER: Invalid SID received from " 381 "%s (%s): '%s'", inet_ntoa(ap->addr), ap->location, 382 sid); 383 return -1; 384 } 385 386 pos += 5; 387 if (uuid_str2bin(pos, ap->sid) < 0) { 388 wpa_printf(MSG_DEBUG, "WPS ER: Invalid SID received from " 389 "%s (%s): '%s'", inet_ntoa(ap->addr), ap->location, 390 sid); 391 return -1; 392 } 393 394 uuid_bin2str(ap->sid, txt, sizeof(txt)); 395 wpa_printf(MSG_DEBUG, "WPS ER: SID for subscription with %s (%s): %s", 396 inet_ntoa(ap->addr), ap->location, txt); 397 398 return 0; 399 } 400 401 402 static void wps_er_http_subscribe_cb(void *ctx, struct http_client *c, 403 enum http_client_event event) 404 { 405 struct wps_er_ap *ap = ctx; 406 407 switch (event) { 408 case HTTP_CLIENT_OK: 409 wpa_printf(MSG_DEBUG, "WPS ER: Subscribed to events"); 410 ap->subscribed = 1; 411 wps_er_get_sid(ap, http_client_get_hdr_line(c, "SID")); 412 wps_er_ap_use_cached_settings(ap->er, ap); 413 wps_er_ap_event(ap->er->wps, ap, WPS_EV_ER_AP_ADD); 414 break; 415 case HTTP_CLIENT_FAILED: 416 case HTTP_CLIENT_INVALID_REPLY: 417 case HTTP_CLIENT_TIMEOUT: 418 wpa_printf(MSG_DEBUG, "WPS ER: Failed to subscribe to events"); 419 break; 420 } 421 http_client_free(ap->http); 422 ap->http = NULL; 423 } 424 425 426 static void wps_er_subscribe(struct wps_er_ap *ap) 427 { 428 struct wpabuf *req; 429 struct sockaddr_in dst; 430 char *url, *path; 431 432 if (ap->event_sub_url == NULL) { 433 wpa_printf(MSG_DEBUG, "WPS ER: No eventSubURL - cannot " 434 "subscribe"); 435 return; 436 } 437 if (ap->http) { 438 wpa_printf(MSG_DEBUG, "WPS ER: Pending HTTP request - cannot " 439 "send subscribe request"); 440 return; 441 } 442 443 url = http_client_url_parse(ap->event_sub_url, &dst, &path); 444 if (url == NULL) { 445 wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse eventSubURL"); 446 return; 447 } 448 449 req = wpabuf_alloc(os_strlen(ap->event_sub_url) + 1000); 450 if (req == NULL) { 451 os_free(url); 452 return; 453 } 454 wpabuf_printf(req, 455 "SUBSCRIBE %s HTTP/1.1\r\n" 456 "HOST: %s:%d\r\n" 457 "CALLBACK: <http://%s:%d/event/%u/%u>\r\n" 458 "NT: upnp:event\r\n" 459 "TIMEOUT: Second-%d\r\n" 460 "\r\n", 461 path, inet_ntoa(dst.sin_addr), ntohs(dst.sin_port), 462 ap->er->ip_addr_text, ap->er->http_port, 463 ap->er->event_id, ap->id, 1800); 464 os_free(url); 465 wpa_hexdump_ascii(MSG_MSGDUMP, "WPS ER: Subscription request", 466 wpabuf_head(req), wpabuf_len(req)); 467 468 ap->http = http_client_addr(&dst, req, 1000, wps_er_http_subscribe_cb, 469 ap); 470 if (ap->http == NULL) 471 wpabuf_free(req); 472 } 473 474 475 static void wps_er_ap_get_m1(struct wps_er_ap *ap, struct wpabuf *m1) 476 { 477 struct wps_parse_attr attr; 478 479 if (wps_parse_msg(m1, &attr) < 0) { 480 wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse M1"); 481 return; 482 } 483 if (attr.primary_dev_type) 484 os_memcpy(ap->pri_dev_type, attr.primary_dev_type, 8); 485 if (attr.wps_state) 486 ap->wps_state = *attr.wps_state; 487 if (attr.mac_addr) 488 os_memcpy(ap->mac_addr, attr.mac_addr, ETH_ALEN); 489 490 wps_er_subscribe(ap); 491 } 492 493 494 static void wps_er_get_device_info(struct wps_er_ap *ap) 495 { 496 wps_er_send_get_device_info(ap, wps_er_ap_get_m1); 497 } 498 499 500 static const char * wps_er_find_wfadevice(const char *data) 501 { 502 const char *tag, *tagname, *end; 503 char *val; 504 int found = 0; 505 506 while (!found) { 507 /* Find next <device> */ 508 for (;;) { 509 if (xml_next_tag(data, &tag, &tagname, &end)) 510 return NULL; 511 data = end; 512 if (!os_strncasecmp(tagname, "device", 6) && 513 *tag != '/' && 514 (tagname[6] == '>' || !isgraph(tagname[6]))) { 515 break; 516 } 517 } 518 519 /* Check whether deviceType is WFADevice */ 520 val = xml_get_first_item(data, "deviceType"); 521 if (val == NULL) 522 return NULL; 523 wpa_printf(MSG_DEBUG, "WPS ER: Found deviceType '%s'", val); 524 found = os_strcasecmp(val, "urn:schemas-wifialliance-org:" 525 "device:WFADevice:1") == 0; 526 os_free(val); 527 } 528 529 return data; 530 } 531 532 533 static void wps_er_parse_device_description(struct wps_er_ap *ap, 534 struct wpabuf *reply) 535 { 536 /* Note: reply includes null termination after the buffer data */ 537 const char *tmp, *data = wpabuf_head(reply); 538 char *pos; 539 540 wpa_hexdump_ascii(MSG_MSGDUMP, "WPS ER: Device info", 541 wpabuf_head(reply), wpabuf_len(reply)); 542 543 /* 544 * The root device description may include multiple devices, so first 545 * find the beginning of the WFADevice description to allow the 546 * simplistic parser to pick the correct entries. 547 */ 548 tmp = wps_er_find_wfadevice(data); 549 if (tmp == NULL) { 550 wpa_printf(MSG_DEBUG, "WPS ER: WFADevice:1 device not found - " 551 "trying to parse invalid data"); 552 } else 553 data = tmp; 554 555 ap->friendly_name = xml_get_first_item(data, "friendlyName"); 556 wpa_printf(MSG_DEBUG, "WPS ER: friendlyName='%s'", ap->friendly_name); 557 558 ap->manufacturer = xml_get_first_item(data, "manufacturer"); 559 wpa_printf(MSG_DEBUG, "WPS ER: manufacturer='%s'", ap->manufacturer); 560 561 ap->manufacturer_url = xml_get_first_item(data, "manufacturerURL"); 562 wpa_printf(MSG_DEBUG, "WPS ER: manufacturerURL='%s'", 563 ap->manufacturer_url); 564 565 ap->model_description = xml_get_first_item(data, "modelDescription"); 566 wpa_printf(MSG_DEBUG, "WPS ER: modelDescription='%s'", 567 ap->model_description); 568 569 ap->model_name = xml_get_first_item(data, "modelName"); 570 wpa_printf(MSG_DEBUG, "WPS ER: modelName='%s'", ap->model_name); 571 572 ap->model_number = xml_get_first_item(data, "modelNumber"); 573 wpa_printf(MSG_DEBUG, "WPS ER: modelNumber='%s'", ap->model_number); 574 575 ap->model_url = xml_get_first_item(data, "modelURL"); 576 wpa_printf(MSG_DEBUG, "WPS ER: modelURL='%s'", ap->model_url); 577 578 ap->serial_number = xml_get_first_item(data, "serialNumber"); 579 wpa_printf(MSG_DEBUG, "WPS ER: serialNumber='%s'", ap->serial_number); 580 581 ap->udn = xml_get_first_item(data, "UDN"); 582 if (ap->udn) { 583 wpa_printf(MSG_DEBUG, "WPS ER: UDN='%s'", ap->udn); 584 pos = os_strstr(ap->udn, "uuid:"); 585 if (pos) { 586 pos += 5; 587 if (uuid_str2bin(pos, ap->uuid) < 0) 588 wpa_printf(MSG_DEBUG, 589 "WPS ER: Invalid UUID in UDN"); 590 } 591 } 592 593 ap->upc = xml_get_first_item(data, "UPC"); 594 wpa_printf(MSG_DEBUG, "WPS ER: UPC='%s'", ap->upc); 595 596 ap->scpd_url = http_link_update( 597 xml_get_first_item(data, "SCPDURL"), ap->location); 598 wpa_printf(MSG_DEBUG, "WPS ER: SCPDURL='%s'", ap->scpd_url); 599 600 ap->control_url = http_link_update( 601 xml_get_first_item(data, "controlURL"), ap->location); 602 wpa_printf(MSG_DEBUG, "WPS ER: controlURL='%s'", ap->control_url); 603 604 ap->event_sub_url = http_link_update( 605 xml_get_first_item(data, "eventSubURL"), ap->location); 606 wpa_printf(MSG_DEBUG, "WPS ER: eventSubURL='%s'", ap->event_sub_url); 607 } 608 609 610 static void wps_er_http_dev_desc_cb(void *ctx, struct http_client *c, 611 enum http_client_event event) 612 { 613 struct wps_er_ap *ap = ctx; 614 struct wpabuf *reply; 615 int ok = 0; 616 617 switch (event) { 618 case HTTP_CLIENT_OK: 619 reply = http_client_get_body(c); 620 if (reply == NULL) 621 break; 622 wps_er_parse_device_description(ap, reply); 623 ok = 1; 624 break; 625 case HTTP_CLIENT_FAILED: 626 case HTTP_CLIENT_INVALID_REPLY: 627 case HTTP_CLIENT_TIMEOUT: 628 wpa_printf(MSG_DEBUG, "WPS ER: Failed to fetch device info"); 629 break; 630 } 631 http_client_free(ap->http); 632 ap->http = NULL; 633 if (ok) 634 wps_er_get_device_info(ap); 635 } 636 637 638 void wps_er_ap_add(struct wps_er *er, const u8 *uuid, struct in_addr *addr, 639 const char *location, int max_age) 640 { 641 struct wps_er_ap *ap; 642 643 ap = wps_er_ap_get(er, addr, uuid, NULL); 644 if (ap) { 645 /* Update advertisement timeout */ 646 eloop_cancel_timeout(wps_er_ap_timeout, er, ap); 647 eloop_register_timeout(max_age, 0, wps_er_ap_timeout, er, ap); 648 return; 649 } 650 651 ap = os_zalloc(sizeof(*ap)); 652 if (ap == NULL) 653 return; 654 dl_list_init(&ap->sta); 655 ap->er = er; 656 ap->id = ++er->next_ap_id; 657 ap->location = os_strdup(location); 658 if (ap->location == NULL) { 659 os_free(ap); 660 return; 661 } 662 dl_list_add(&er->ap, &ap->list); 663 664 ap->addr.s_addr = addr->s_addr; 665 os_memcpy(ap->uuid, uuid, WPS_UUID_LEN); 666 eloop_register_timeout(max_age, 0, wps_er_ap_timeout, er, ap); 667 668 wpa_printf(MSG_DEBUG, "WPS ER: Added AP entry for %s (%s)", 669 inet_ntoa(ap->addr), ap->location); 670 671 /* Fetch device description */ 672 ap->http = http_client_url(ap->location, NULL, 10000, 673 wps_er_http_dev_desc_cb, ap); 674 } 675 676 677 void wps_er_ap_remove(struct wps_er *er, struct in_addr *addr) 678 { 679 struct wps_er_ap *ap; 680 dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { 681 if (ap->addr.s_addr == addr->s_addr) { 682 wps_er_ap_remove_entry(er, ap); 683 return; 684 } 685 } 686 } 687 688 689 static void wps_er_ap_remove_all(struct wps_er *er) 690 { 691 struct wps_er_ap *prev, *ap; 692 struct wps_er_ap_settings *prev_s, *s; 693 dl_list_for_each_safe(ap, prev, &er->ap, struct wps_er_ap, list) 694 wps_er_ap_remove_entry(er, ap); 695 dl_list_for_each_safe(s, prev_s, &er->ap_settings, 696 struct wps_er_ap_settings, list) 697 os_free(s); 698 } 699 700 701 static void http_put_date(struct wpabuf *buf) 702 { 703 wpabuf_put_str(buf, "Date: "); 704 format_date(buf); 705 wpabuf_put_str(buf, "\r\n"); 706 } 707 708 709 static void wps_er_http_resp_not_found(struct http_request *req) 710 { 711 struct wpabuf *buf; 712 buf = wpabuf_alloc(200); 713 if (buf == NULL) { 714 http_request_deinit(req); 715 return; 716 } 717 718 wpabuf_put_str(buf, 719 "HTTP/1.1 404 Not Found\r\n" 720 "Server: unspecified, UPnP/1.0, unspecified\r\n" 721 "Connection: close\r\n"); 722 http_put_date(buf); 723 wpabuf_put_str(buf, "\r\n"); 724 http_request_send_and_deinit(req, buf); 725 } 726 727 728 static void wps_er_http_resp_ok(struct http_request *req) 729 { 730 struct wpabuf *buf; 731 buf = wpabuf_alloc(200); 732 if (buf == NULL) { 733 http_request_deinit(req); 734 return; 735 } 736 737 wpabuf_put_str(buf, 738 "HTTP/1.1 200 OK\r\n" 739 "Server: unspecified, UPnP/1.0, unspecified\r\n" 740 "Connection: close\r\n" 741 "Content-Length: 0\r\n"); 742 http_put_date(buf); 743 wpabuf_put_str(buf, "\r\n"); 744 http_request_send_and_deinit(req, buf); 745 } 746 747 748 static void wps_er_sta_timeout(void *eloop_data, void *user_ctx) 749 { 750 struct wps_er_sta *sta = eloop_data; 751 wpa_printf(MSG_DEBUG, "WPS ER: STA entry timed out"); 752 dl_list_del(&sta->list); 753 wps_er_sta_free(sta); 754 } 755 756 757 static struct wps_er_sta * wps_er_add_sta_data(struct wps_er_ap *ap, 758 const u8 *addr, 759 struct wps_parse_attr *attr, 760 int probe_req) 761 { 762 struct wps_er_sta *sta = wps_er_sta_get(ap, addr, NULL); 763 int new_sta = 0; 764 int m1; 765 766 m1 = !probe_req && attr->msg_type && *attr->msg_type == WPS_M1; 767 768 if (sta == NULL) { 769 /* 770 * Only allow new STA entry to be added based on Probe Request 771 * or M1. This will filter out bogus events and anything that 772 * may have been ongoing at the time ER subscribed for events. 773 */ 774 if (!probe_req && !m1) 775 return NULL; 776 777 sta = os_zalloc(sizeof(*sta)); 778 if (sta == NULL) 779 return NULL; 780 os_memcpy(sta->addr, addr, ETH_ALEN); 781 sta->ap = ap; 782 dl_list_add(&ap->sta, &sta->list); 783 new_sta = 1; 784 } 785 786 if (m1) 787 sta->m1_received = 1; 788 789 if (attr->config_methods && (!probe_req || !sta->m1_received)) 790 sta->config_methods = WPA_GET_BE16(attr->config_methods); 791 if (attr->uuid_e && (!probe_req || !sta->m1_received)) 792 os_memcpy(sta->uuid, attr->uuid_e, WPS_UUID_LEN); 793 if (attr->primary_dev_type && (!probe_req || !sta->m1_received)) 794 os_memcpy(sta->pri_dev_type, attr->primary_dev_type, 8); 795 if (attr->dev_password_id && (!probe_req || !sta->m1_received)) 796 sta->dev_passwd_id = WPA_GET_BE16(attr->dev_password_id); 797 798 if (attr->manufacturer) { 799 os_free(sta->manufacturer); 800 sta->manufacturer = dup_binstr(attr->manufacturer, 801 attr->manufacturer_len); 802 } 803 804 if (attr->model_name) { 805 os_free(sta->model_name); 806 sta->model_name = dup_binstr(attr->model_name, 807 attr->model_name_len); 808 } 809 810 if (attr->model_number) { 811 os_free(sta->model_number); 812 sta->model_number = dup_binstr(attr->model_number, 813 attr->model_number_len); 814 } 815 816 if (attr->serial_number) { 817 os_free(sta->serial_number); 818 sta->serial_number = dup_binstr(attr->serial_number, 819 attr->serial_number_len); 820 } 821 822 if (attr->dev_name) { 823 os_free(sta->dev_name); 824 sta->dev_name = dup_binstr(attr->dev_name, attr->dev_name_len); 825 } 826 827 eloop_cancel_timeout(wps_er_sta_timeout, sta, NULL); 828 eloop_register_timeout(300, 0, wps_er_sta_timeout, sta, NULL); 829 830 if (m1 || new_sta) 831 wps_er_sta_event(ap->er->wps, sta, WPS_EV_ER_ENROLLEE_ADD); 832 833 return sta; 834 } 835 836 837 static void wps_er_process_wlanevent_probe_req(struct wps_er_ap *ap, 838 const u8 *addr, 839 struct wpabuf *msg) 840 { 841 struct wps_parse_attr attr; 842 843 wpa_printf(MSG_DEBUG, "WPS ER: WLANEvent - Probe Request - from " 844 MACSTR, MAC2STR(addr)); 845 wpa_hexdump_buf(MSG_MSGDUMP, "WPS ER: WLANEvent - Enrollee's message " 846 "(TLVs from Probe Request)", msg); 847 848 if (wps_validate_probe_req(msg, addr) < 0) { 849 wpa_printf(MSG_INFO, "WPS-STRICT: ER: Ignore invalid proxied " 850 "Probe Request frame from " MACSTR, MAC2STR(addr)); 851 return; 852 } 853 854 if (wps_parse_msg(msg, &attr) < 0) { 855 wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse TLVs in " 856 "WLANEvent message"); 857 return; 858 } 859 860 wps_er_add_sta_data(ap, addr, &attr, 1); 861 wps_registrar_probe_req_rx(ap->er->wps->registrar, addr, msg, 0); 862 } 863 864 865 static void wps_er_http_put_wlan_response_cb(void *ctx, struct http_client *c, 866 enum http_client_event event) 867 { 868 struct wps_er_sta *sta = ctx; 869 870 switch (event) { 871 case HTTP_CLIENT_OK: 872 wpa_printf(MSG_DEBUG, "WPS ER: PutWLANResponse OK"); 873 break; 874 case HTTP_CLIENT_FAILED: 875 case HTTP_CLIENT_INVALID_REPLY: 876 case HTTP_CLIENT_TIMEOUT: 877 wpa_printf(MSG_DEBUG, "WPS ER: PutWLANResponse failed"); 878 break; 879 } 880 http_client_free(sta->http); 881 sta->http = NULL; 882 } 883 884 885 static const char *soap_prefix = 886 "<?xml version=\"1.0\"?>\n" 887 "<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" " 888 "s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n" 889 "<s:Body>\n"; 890 static const char *soap_postfix = 891 "</s:Body>\n</s:Envelope>\n"; 892 static const char *urn_wfawlanconfig = 893 "urn:schemas-wifialliance-org:service:WFAWLANConfig:1"; 894 895 static struct wpabuf * wps_er_soap_hdr(const struct wpabuf *msg, 896 const char *name, const char *arg_name, 897 const char *path, 898 const struct sockaddr_in *dst, 899 char **len_ptr, char **body_ptr) 900 { 901 unsigned char *encoded; 902 size_t encoded_len; 903 struct wpabuf *buf; 904 905 if (msg) { 906 encoded = base64_encode(wpabuf_head(msg), wpabuf_len(msg), 907 &encoded_len); 908 if (encoded == NULL) 909 return NULL; 910 } else { 911 encoded = NULL; 912 encoded_len = 0; 913 } 914 915 buf = wpabuf_alloc(1000 + encoded_len); 916 if (buf == NULL) { 917 os_free(encoded); 918 return NULL; 919 } 920 921 wpabuf_printf(buf, 922 "POST %s HTTP/1.1\r\n" 923 "Host: %s:%d\r\n" 924 "Content-Type: text/xml; charset=\"utf-8\"\r\n" 925 "Content-Length: ", 926 path, inet_ntoa(dst->sin_addr), ntohs(dst->sin_port)); 927 928 *len_ptr = wpabuf_put(buf, 0); 929 wpabuf_printf(buf, 930 " \r\n" 931 "SOAPACTION: \"%s#%s\"\r\n" 932 "\r\n", 933 urn_wfawlanconfig, name); 934 935 *body_ptr = wpabuf_put(buf, 0); 936 937 wpabuf_put_str(buf, soap_prefix); 938 wpabuf_printf(buf, "<u:%s xmlns:u=\"", name); 939 wpabuf_put_str(buf, urn_wfawlanconfig); 940 wpabuf_put_str(buf, "\">\n"); 941 if (encoded) { 942 wpabuf_printf(buf, "<%s>%s</%s>\n", 943 arg_name, (char *) encoded, arg_name); 944 os_free(encoded); 945 } 946 947 return buf; 948 } 949 950 951 static void wps_er_soap_end(struct wpabuf *buf, const char *name, 952 char *len_ptr, char *body_ptr) 953 { 954 char len_buf[10]; 955 wpabuf_printf(buf, "</u:%s>\n", name); 956 wpabuf_put_str(buf, soap_postfix); 957 os_snprintf(len_buf, sizeof(len_buf), "%d", 958 (int) ((char *) wpabuf_put(buf, 0) - body_ptr)); 959 os_memcpy(len_ptr, len_buf, os_strlen(len_buf)); 960 } 961 962 963 static void wps_er_sta_send_msg(struct wps_er_sta *sta, struct wpabuf *msg) 964 { 965 struct wpabuf *buf; 966 char *len_ptr, *body_ptr; 967 struct sockaddr_in dst; 968 char *url, *path; 969 970 if (sta->http) { 971 wpa_printf(MSG_DEBUG, "WPS ER: Pending HTTP request for STA - " 972 "ignore new request"); 973 wpabuf_free(msg); 974 return; 975 } 976 977 if (sta->ap->control_url == NULL) { 978 wpa_printf(MSG_DEBUG, "WPS ER: No controlURL for AP"); 979 wpabuf_free(msg); 980 return; 981 } 982 983 url = http_client_url_parse(sta->ap->control_url, &dst, &path); 984 if (url == NULL) { 985 wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse controlURL"); 986 wpabuf_free(msg); 987 return; 988 } 989 990 buf = wps_er_soap_hdr(msg, "PutWLANResponse", "NewMessage", path, &dst, 991 &len_ptr, &body_ptr); 992 wpabuf_free(msg); 993 os_free(url); 994 if (buf == NULL) 995 return; 996 wpabuf_printf(buf, "<NewWLANEventType>%d</NewWLANEventType>\n", 997 UPNP_WPS_WLANEVENT_TYPE_EAP); 998 wpabuf_printf(buf, "<NewWLANEventMAC>" MACSTR "</NewWLANEventMAC>\n", 999 MAC2STR(sta->addr)); 1000 1001 wps_er_soap_end(buf, "PutWLANResponse", len_ptr, body_ptr); 1002 1003 sta->http = http_client_addr(&dst, buf, 1000, 1004 wps_er_http_put_wlan_response_cb, sta); 1005 if (sta->http == NULL) 1006 wpabuf_free(buf); 1007 } 1008 1009 1010 static void wps_er_sta_process(struct wps_er_sta *sta, struct wpabuf *msg, 1011 enum wsc_op_code op_code) 1012 { 1013 enum wps_process_res res; 1014 1015 res = wps_process_msg(sta->wps, op_code, msg); 1016 if (res == WPS_CONTINUE) { 1017 struct wpabuf *next = wps_get_msg(sta->wps, &op_code); 1018 if (next) 1019 wps_er_sta_send_msg(sta, next); 1020 } else { 1021 wpa_printf(MSG_DEBUG, "WPS ER: Protocol run %s with the " 1022 "enrollee (res=%d)", 1023 res == WPS_DONE ? "succeeded" : "failed", res); 1024 wps_deinit(sta->wps); 1025 sta->wps = NULL; 1026 if (res == WPS_DONE) { 1027 /* Remove the STA entry after short timeout */ 1028 eloop_cancel_timeout(wps_er_sta_timeout, sta, NULL); 1029 eloop_register_timeout(10, 0, wps_er_sta_timeout, sta, 1030 NULL); 1031 } 1032 } 1033 } 1034 1035 1036 static void wps_er_sta_start(struct wps_er_sta *sta, struct wpabuf *msg) 1037 { 1038 struct wps_config cfg; 1039 1040 if (sta->wps) 1041 wps_deinit(sta->wps); 1042 1043 os_memset(&cfg, 0, sizeof(cfg)); 1044 cfg.wps = sta->ap->er->wps; 1045 cfg.registrar = 1; 1046 cfg.peer_addr = sta->addr; 1047 1048 sta->wps = wps_init(&cfg); 1049 if (sta->wps == NULL) 1050 return; 1051 sta->wps->er = 1; 1052 sta->wps->use_cred = sta->ap->ap_settings; 1053 if (sta->ap->ap_settings) { 1054 os_free(sta->cred); 1055 sta->cred = os_malloc(sizeof(*sta->cred)); 1056 if (sta->cred) { 1057 os_memcpy(sta->cred, sta->ap->ap_settings, 1058 sizeof(*sta->cred)); 1059 sta->cred->cred_attr = NULL; 1060 os_memcpy(sta->cred->mac_addr, sta->addr, ETH_ALEN); 1061 sta->wps->use_cred = sta->cred; 1062 } 1063 } 1064 1065 wps_er_sta_process(sta, msg, WSC_MSG); 1066 } 1067 1068 1069 static void wps_er_process_wlanevent_eap(struct wps_er_ap *ap, const u8 *addr, 1070 struct wpabuf *msg) 1071 { 1072 struct wps_parse_attr attr; 1073 struct wps_er_sta *sta; 1074 1075 wpa_printf(MSG_DEBUG, "WPS ER: WLANEvent - EAP - from " MACSTR, 1076 MAC2STR(addr)); 1077 wpa_hexdump_buf(MSG_MSGDUMP, "WPS ER: WLANEvent - Enrollee's message " 1078 "(TLVs from EAP-WSC)", msg); 1079 1080 if (wps_parse_msg(msg, &attr) < 0) { 1081 wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse TLVs in " 1082 "WLANEvent message"); 1083 return; 1084 } 1085 1086 sta = wps_er_add_sta_data(ap, addr, &attr, 0); 1087 if (sta == NULL) 1088 return; 1089 1090 if (attr.msg_type && *attr.msg_type == WPS_M1) 1091 wps_er_sta_start(sta, msg); 1092 else if (sta->wps) { 1093 enum wsc_op_code op_code = WSC_MSG; 1094 if (attr.msg_type) { 1095 switch (*attr.msg_type) { 1096 case WPS_WSC_ACK: 1097 op_code = WSC_ACK; 1098 break; 1099 case WPS_WSC_NACK: 1100 op_code = WSC_NACK; 1101 break; 1102 case WPS_WSC_DONE: 1103 op_code = WSC_Done; 1104 break; 1105 } 1106 } 1107 wps_er_sta_process(sta, msg, op_code); 1108 } 1109 } 1110 1111 1112 static void wps_er_process_wlanevent(struct wps_er_ap *ap, 1113 struct wpabuf *event) 1114 { 1115 u8 *data; 1116 u8 wlan_event_type; 1117 u8 wlan_event_mac[ETH_ALEN]; 1118 struct wpabuf msg; 1119 1120 wpa_hexdump(MSG_MSGDUMP, "WPS ER: Received WLANEvent", 1121 wpabuf_head(event), wpabuf_len(event)); 1122 if (wpabuf_len(event) < 1 + 17) { 1123 wpa_printf(MSG_DEBUG, "WPS ER: Too short WLANEvent"); 1124 return; 1125 } 1126 1127 data = wpabuf_mhead(event); 1128 wlan_event_type = data[0]; 1129 if (hwaddr_aton((char *) data + 1, wlan_event_mac) < 0) { 1130 wpa_printf(MSG_DEBUG, "WPS ER: Invalid WLANEventMAC in " 1131 "WLANEvent"); 1132 return; 1133 } 1134 1135 wpabuf_set(&msg, data + 1 + 17, wpabuf_len(event) - (1 + 17)); 1136 1137 switch (wlan_event_type) { 1138 case 1: 1139 wps_er_process_wlanevent_probe_req(ap, wlan_event_mac, &msg); 1140 break; 1141 case 2: 1142 wps_er_process_wlanevent_eap(ap, wlan_event_mac, &msg); 1143 break; 1144 default: 1145 wpa_printf(MSG_DEBUG, "WPS ER: Unknown WLANEventType %d", 1146 wlan_event_type); 1147 break; 1148 } 1149 } 1150 1151 1152 static void wps_er_http_event(struct wps_er *er, struct http_request *req, 1153 unsigned int ap_id) 1154 { 1155 struct wps_er_ap *ap = wps_er_ap_get_id(er, ap_id); 1156 struct wpabuf *event; 1157 enum http_reply_code ret; 1158 1159 if (ap == NULL) { 1160 wpa_printf(MSG_DEBUG, "WPS ER: HTTP event from unknown AP id " 1161 "%u", ap_id); 1162 wps_er_http_resp_not_found(req); 1163 return; 1164 } 1165 wpa_printf(MSG_MSGDUMP, "WPS ER: HTTP event from AP id %u: %s", 1166 ap_id, http_request_get_data(req)); 1167 1168 event = xml_get_base64_item(http_request_get_data(req), "WLANEvent", 1169 &ret); 1170 if (event == NULL) { 1171 wpa_printf(MSG_DEBUG, "WPS ER: Could not extract WLANEvent " 1172 "from the event notification"); 1173 /* 1174 * Reply with OK anyway to avoid getting unregistered from 1175 * events. 1176 */ 1177 wps_er_http_resp_ok(req); 1178 return; 1179 } 1180 1181 wps_er_process_wlanevent(ap, event); 1182 1183 wpabuf_free(event); 1184 wps_er_http_resp_ok(req); 1185 } 1186 1187 1188 static void wps_er_http_notify(struct wps_er *er, struct http_request *req) 1189 { 1190 char *uri = http_request_get_uri(req); 1191 1192 if (os_strncmp(uri, "/event/", 7) == 0) { 1193 unsigned int event_id; 1194 char *pos; 1195 event_id = atoi(uri + 7); 1196 if (event_id != er->event_id) { 1197 wpa_printf(MSG_DEBUG, "WPS ER: HTTP event for an " 1198 "unknown event id %u", event_id); 1199 return; 1200 } 1201 pos = os_strchr(uri + 7, '/'); 1202 if (pos == NULL) 1203 return; 1204 pos++; 1205 wps_er_http_event(er, req, atoi(pos)); 1206 } else { 1207 wpa_printf(MSG_DEBUG, "WPS ER: Unknown HTTP NOTIFY for '%s'", 1208 uri); 1209 wps_er_http_resp_not_found(req); 1210 } 1211 } 1212 1213 1214 static void wps_er_http_req(void *ctx, struct http_request *req) 1215 { 1216 struct wps_er *er = ctx; 1217 struct sockaddr_in *cli = http_request_get_cli_addr(req); 1218 enum httpread_hdr_type type = http_request_get_type(req); 1219 struct wpabuf *buf; 1220 1221 wpa_printf(MSG_DEBUG, "WPS ER: HTTP request: '%s' (type %d) from " 1222 "%s:%d", 1223 http_request_get_uri(req), type, 1224 inet_ntoa(cli->sin_addr), ntohs(cli->sin_port)); 1225 1226 switch (type) { 1227 case HTTPREAD_HDR_TYPE_NOTIFY: 1228 wps_er_http_notify(er, req); 1229 break; 1230 default: 1231 wpa_printf(MSG_DEBUG, "WPS ER: Unsupported HTTP request type " 1232 "%d", type); 1233 buf = wpabuf_alloc(200); 1234 if (buf == NULL) { 1235 http_request_deinit(req); 1236 return; 1237 } 1238 wpabuf_put_str(buf, 1239 "HTTP/1.1 501 Unimplemented\r\n" 1240 "Connection: close\r\n"); 1241 http_put_date(buf); 1242 wpabuf_put_str(buf, "\r\n"); 1243 http_request_send_and_deinit(req, buf); 1244 break; 1245 } 1246 } 1247 1248 1249 struct wps_er * 1250 wps_er_init(struct wps_context *wps, const char *ifname, const char *filter) 1251 { 1252 struct wps_er *er; 1253 struct in_addr addr; 1254 1255 er = os_zalloc(sizeof(*er)); 1256 if (er == NULL) 1257 return NULL; 1258 dl_list_init(&er->ap); 1259 dl_list_init(&er->ap_unsubscribing); 1260 dl_list_init(&er->ap_settings); 1261 1262 er->multicast_sd = -1; 1263 er->ssdp_sd = -1; 1264 1265 os_strlcpy(er->ifname, ifname, sizeof(er->ifname)); 1266 er->wps = wps; 1267 if (os_get_random((unsigned char *) &er->event_id, 1268 sizeof(er->event_id)) < 0) { 1269 wps_er_deinit(er, NULL, NULL); 1270 return NULL; 1271 } 1272 /* Limit event_id to < 32 bits to avoid issues with atoi() */ 1273 er->event_id &= 0x0fffffff; 1274 1275 if (filter && os_strncmp(filter, "ifname=", 7) == 0) { 1276 const char *pos, *end; 1277 pos = filter + 7; 1278 end = os_strchr(pos, ' '); 1279 if (end) { 1280 size_t len = end - pos; 1281 os_strlcpy(er->ifname, pos, len < sizeof(er->ifname) ? 1282 len + 1 : sizeof(er->ifname)); 1283 filter = end + 1; 1284 } else { 1285 os_strlcpy(er->ifname, pos, sizeof(er->ifname)); 1286 filter = NULL; 1287 } 1288 er->forced_ifname = 1; 1289 } 1290 1291 if (filter) { 1292 if (inet_aton(filter, &er->filter_addr) == 0) { 1293 wpa_printf(MSG_INFO, "WPS UPnP: Invalid filter " 1294 "address %s", filter); 1295 wps_er_deinit(er, NULL, NULL); 1296 return NULL; 1297 } 1298 wpa_printf(MSG_DEBUG, "WPS UPnP: Only accepting connections " 1299 "with %s", filter); 1300 } 1301 if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text, 1302 er->mac_addr)) { 1303 wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address " 1304 "for %s. Does it have IP address?", er->ifname); 1305 wps_er_deinit(er, NULL, NULL); 1306 return NULL; 1307 } 1308 1309 if (wps_er_ssdp_init(er) < 0) { 1310 wpa_printf(MSG_INFO, "WPS UPnP: SSDP initialization failed"); 1311 wps_er_deinit(er, NULL, NULL); 1312 return NULL; 1313 } 1314 1315 addr.s_addr = er->ip_addr; 1316 er->http_srv = http_server_init(&addr, -1, wps_er_http_req, er); 1317 if (er->http_srv == NULL) { 1318 wpa_printf(MSG_INFO, "WPS UPnP: HTTP initialization failed"); 1319 wps_er_deinit(er, NULL, NULL); 1320 return NULL; 1321 } 1322 er->http_port = http_server_get_port(er->http_srv); 1323 1324 wpa_printf(MSG_DEBUG, "WPS ER: Start (ifname=%s ip_addr=%s)", 1325 er->ifname, er->ip_addr_text); 1326 1327 return er; 1328 } 1329 1330 1331 void wps_er_refresh(struct wps_er *er) 1332 { 1333 struct wps_er_ap *ap; 1334 struct wps_er_sta *sta; 1335 1336 dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { 1337 wps_er_ap_event(er->wps, ap, WPS_EV_ER_AP_ADD); 1338 dl_list_for_each(sta, &ap->sta, struct wps_er_sta, list) 1339 wps_er_sta_event(er->wps, sta, WPS_EV_ER_ENROLLEE_ADD); 1340 } 1341 1342 wps_er_send_ssdp_msearch(er); 1343 } 1344 1345 1346 static void wps_er_deinit_finish(void *eloop_data, void *user_ctx) 1347 { 1348 struct wps_er *er = eloop_data; 1349 void (*deinit_done_cb)(void *ctx); 1350 void *deinit_done_ctx; 1351 struct wps_er_ap *ap, *tmp; 1352 1353 wpa_printf(MSG_DEBUG, "WPS ER: Finishing deinit"); 1354 1355 dl_list_for_each_safe(ap, tmp, &er->ap_unsubscribing, struct wps_er_ap, 1356 list) { 1357 wpa_printf(MSG_DEBUG, "WPS ER: AP entry for %s (%s) still in ap_unsubscribing list - free it", 1358 inet_ntoa(ap->addr), ap->location); 1359 dl_list_del(&ap->list); 1360 wps_er_ap_free(ap); 1361 } 1362 1363 eloop_cancel_timeout(wps_er_deinit_finish, er, NULL); 1364 deinit_done_cb = er->deinit_done_cb; 1365 deinit_done_ctx = er->deinit_done_ctx; 1366 os_free(er->ip_addr_text); 1367 os_free(er); 1368 1369 if (deinit_done_cb) 1370 deinit_done_cb(deinit_done_ctx); 1371 } 1372 1373 1374 void wps_er_deinit(struct wps_er *er, void (*cb)(void *ctx), void *ctx) 1375 { 1376 if (er == NULL) 1377 return; 1378 http_server_deinit(er->http_srv); 1379 wps_er_ap_remove_all(er); 1380 wps_er_ssdp_deinit(er); 1381 eloop_register_timeout(dl_list_empty(&er->ap_unsubscribing) ? 0 : 5, 0, 1382 wps_er_deinit_finish, er, NULL); 1383 wpa_printf(MSG_DEBUG, "WPS ER: Finish deinit from timeout"); 1384 er->deinitializing = 1; 1385 er->deinit_done_cb = cb; 1386 er->deinit_done_ctx = ctx; 1387 } 1388 1389 1390 static void wps_er_http_set_sel_reg_cb(void *ctx, struct http_client *c, 1391 enum http_client_event event) 1392 { 1393 struct wps_er_ap *ap = ctx; 1394 union wps_event_data data; 1395 1396 os_memset(&data, 0, sizeof(data)); 1397 1398 switch (event) { 1399 case HTTP_CLIENT_OK: 1400 wpa_printf(MSG_DEBUG, "WPS ER: SetSelectedRegistrar OK"); 1401 data.set_sel_reg.state = WPS_ER_SET_SEL_REG_DONE; 1402 data.set_sel_reg.uuid = ap->uuid; 1403 break; 1404 case HTTP_CLIENT_FAILED: 1405 case HTTP_CLIENT_INVALID_REPLY: 1406 case HTTP_CLIENT_TIMEOUT: 1407 wpa_printf(MSG_DEBUG, "WPS ER: SetSelectedRegistrar failed"); 1408 data.set_sel_reg.state = WPS_ER_SET_SEL_REG_FAILED; 1409 data.set_sel_reg.uuid = ap->uuid; 1410 break; 1411 } 1412 http_client_free(ap->http); 1413 ap->http = NULL; 1414 1415 if (data.set_sel_reg.uuid) 1416 ap->er->wps->event_cb(ap->er->wps->cb_ctx, 1417 WPS_EV_ER_SET_SELECTED_REGISTRAR, &data); 1418 } 1419 1420 1421 static void wps_er_send_set_sel_reg(struct wps_er_ap *ap, struct wpabuf *msg) 1422 { 1423 struct wpabuf *buf; 1424 char *len_ptr, *body_ptr; 1425 struct sockaddr_in dst; 1426 char *url, *path; 1427 1428 if (ap->control_url == NULL) { 1429 wpa_printf(MSG_DEBUG, "WPS ER: No controlURL for AP"); 1430 return; 1431 } 1432 1433 if (ap->http) { 1434 wpa_printf(MSG_DEBUG, "WPS ER: Pending HTTP request for AP - " 1435 "ignore new request"); 1436 return; 1437 } 1438 1439 if (ap->wps) { 1440 wpa_printf(MSG_DEBUG, "WPS ER: Pending WPS operation for AP - " 1441 "skip SetSelectedRegistrar"); 1442 return; 1443 } 1444 1445 url = http_client_url_parse(ap->control_url, &dst, &path); 1446 if (url == NULL) { 1447 wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse controlURL"); 1448 return; 1449 } 1450 1451 buf = wps_er_soap_hdr(msg, "SetSelectedRegistrar", "NewMessage", path, 1452 &dst, &len_ptr, &body_ptr); 1453 os_free(url); 1454 if (buf == NULL) 1455 return; 1456 1457 wps_er_soap_end(buf, "SetSelectedRegistrar", len_ptr, body_ptr); 1458 1459 ap->http = http_client_addr(&dst, buf, 1000, 1460 wps_er_http_set_sel_reg_cb, ap); 1461 if (ap->http == NULL) 1462 wpabuf_free(buf); 1463 } 1464 1465 1466 static int wps_er_build_selected_registrar(struct wpabuf *msg, int sel_reg) 1467 { 1468 wpabuf_put_be16(msg, ATTR_SELECTED_REGISTRAR); 1469 wpabuf_put_be16(msg, 1); 1470 wpabuf_put_u8(msg, !!sel_reg); 1471 return 0; 1472 } 1473 1474 1475 static int wps_er_build_dev_password_id(struct wpabuf *msg, u16 dev_passwd_id) 1476 { 1477 wpabuf_put_be16(msg, ATTR_DEV_PASSWORD_ID); 1478 wpabuf_put_be16(msg, 2); 1479 wpabuf_put_be16(msg, dev_passwd_id); 1480 return 0; 1481 } 1482 1483 1484 static int wps_er_build_sel_reg_config_methods(struct wpabuf *msg, 1485 u16 sel_reg_config_methods) 1486 { 1487 wpabuf_put_be16(msg, ATTR_SELECTED_REGISTRAR_CONFIG_METHODS); 1488 wpabuf_put_be16(msg, 2); 1489 wpabuf_put_be16(msg, sel_reg_config_methods); 1490 return 0; 1491 } 1492 1493 1494 static int wps_er_build_uuid_r(struct wpabuf *msg, const u8 *uuid_r) 1495 { 1496 wpabuf_put_be16(msg, ATTR_UUID_R); 1497 wpabuf_put_be16(msg, WPS_UUID_LEN); 1498 wpabuf_put_data(msg, uuid_r, WPS_UUID_LEN); 1499 return 0; 1500 } 1501 1502 1503 void wps_er_set_sel_reg(struct wps_er *er, int sel_reg, u16 dev_passwd_id, 1504 u16 sel_reg_config_methods) 1505 { 1506 struct wpabuf *msg; 1507 struct wps_er_ap *ap; 1508 struct wps_registrar *reg = er->wps->registrar; 1509 const u8 *auth_macs; 1510 u8 bcast[ETH_ALEN]; 1511 size_t count; 1512 union wps_event_data data; 1513 1514 if (er->skip_set_sel_reg) { 1515 wpa_printf(MSG_DEBUG, "WPS ER: Skip SetSelectedRegistrar"); 1516 return; 1517 } 1518 1519 msg = wpabuf_alloc(500); 1520 if (msg == NULL) 1521 return; 1522 1523 auth_macs = wps_authorized_macs(reg, &count); 1524 if (count == 0) { 1525 os_memset(bcast, 0xff, ETH_ALEN); 1526 auth_macs = bcast; 1527 count = 1; 1528 } 1529 1530 if (wps_build_version(msg) || 1531 wps_er_build_selected_registrar(msg, sel_reg) || 1532 wps_er_build_dev_password_id(msg, dev_passwd_id) || 1533 wps_er_build_sel_reg_config_methods(msg, sel_reg_config_methods) || 1534 wps_build_wfa_ext(msg, 0, auth_macs, count) || 1535 wps_er_build_uuid_r(msg, er->wps->uuid)) { 1536 wpabuf_free(msg); 1537 return; 1538 } 1539 1540 os_memset(&data, 0, sizeof(data)); 1541 data.set_sel_reg.sel_reg = sel_reg; 1542 data.set_sel_reg.dev_passwd_id = dev_passwd_id; 1543 data.set_sel_reg.sel_reg_config_methods = sel_reg_config_methods; 1544 data.set_sel_reg.state = WPS_ER_SET_SEL_REG_START; 1545 1546 dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { 1547 if (er->set_sel_reg_uuid_filter && 1548 os_memcmp(ap->uuid, er->set_sel_reg_uuid_filter, 1549 WPS_UUID_LEN) != 0) 1550 continue; 1551 data.set_sel_reg.uuid = ap->uuid; 1552 er->wps->event_cb(er->wps->cb_ctx, 1553 WPS_EV_ER_SET_SELECTED_REGISTRAR, &data); 1554 wps_er_send_set_sel_reg(ap, msg); 1555 } 1556 1557 wpabuf_free(msg); 1558 } 1559 1560 1561 int wps_er_pbc(struct wps_er *er, const u8 *uuid, const u8 *addr) 1562 { 1563 int res; 1564 struct wps_er_ap *ap; 1565 1566 if (er == NULL || er->wps == NULL) 1567 return -1; 1568 1569 if (wps_registrar_pbc_overlap(er->wps->registrar, NULL, NULL)) { 1570 wpa_printf(MSG_DEBUG, "WPS ER: PBC overlap - do not start PBC " 1571 "mode"); 1572 return -2; 1573 } 1574 1575 if (uuid) 1576 ap = wps_er_ap_get(er, NULL, uuid, NULL); 1577 else 1578 ap = NULL; 1579 if (ap == NULL) { 1580 struct wps_er_sta *sta = NULL; 1581 dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { 1582 sta = wps_er_sta_get(ap, addr, uuid); 1583 if (sta) { 1584 uuid = ap->uuid; 1585 break; 1586 } 1587 } 1588 if (sta == NULL) 1589 return -3; /* Unknown UUID */ 1590 } 1591 1592 if (ap->ap_settings == NULL) { 1593 wpa_printf(MSG_DEBUG, "WPS ER: AP settings not known"); 1594 return -4; 1595 } 1596 1597 er->set_sel_reg_uuid_filter = uuid; 1598 res = wps_registrar_button_pushed(er->wps->registrar, NULL); 1599 er->set_sel_reg_uuid_filter = NULL; 1600 if (res) 1601 return -1; 1602 1603 return 0; 1604 } 1605 1606 1607 static void wps_er_ap_settings_cb(void *ctx, const struct wps_credential *cred) 1608 { 1609 struct wps_er_ap *ap = ctx; 1610 union wps_event_data data; 1611 1612 wpa_printf(MSG_DEBUG, "WPS ER: AP Settings received"); 1613 os_free(ap->ap_settings); 1614 ap->ap_settings = os_malloc(sizeof(*cred)); 1615 if (ap->ap_settings) { 1616 os_memcpy(ap->ap_settings, cred, sizeof(*cred)); 1617 ap->ap_settings->cred_attr = NULL; 1618 } 1619 1620 os_memset(&data, 0, sizeof(data)); 1621 data.ap_settings.uuid = ap->uuid; 1622 data.ap_settings.cred = cred; 1623 ap->er->wps->event_cb(ap->er->wps->cb_ctx, WPS_EV_ER_AP_SETTINGS, 1624 &data); 1625 } 1626 1627 1628 const u8 * wps_er_get_sta_uuid(struct wps_er *er, const u8 *addr) 1629 { 1630 struct wps_er_ap *ap; 1631 dl_list_for_each(ap, &er->ap, struct wps_er_ap, list) { 1632 struct wps_er_sta *sta; 1633 sta = wps_er_sta_get(ap, addr, NULL); 1634 if (sta) 1635 return sta->uuid; 1636 } 1637 return NULL; 1638 } 1639 1640 1641 static void wps_er_http_put_message_cb(void *ctx, struct http_client *c, 1642 enum http_client_event event) 1643 { 1644 struct wps_er_ap *ap = ctx; 1645 struct wpabuf *reply; 1646 char *msg = NULL; 1647 1648 switch (event) { 1649 case HTTP_CLIENT_OK: 1650 wpa_printf(MSG_DEBUG, "WPS ER: PutMessage OK"); 1651 reply = http_client_get_body(c); 1652 if (reply) 1653 msg = os_zalloc(wpabuf_len(reply) + 1); 1654 if (msg == NULL) { 1655 if (ap->wps) { 1656 wps_deinit(ap->wps); 1657 ap->wps = NULL; 1658 } 1659 break; 1660 } 1661 os_memcpy(msg, wpabuf_head(reply), wpabuf_len(reply)); 1662 break; 1663 case HTTP_CLIENT_FAILED: 1664 case HTTP_CLIENT_INVALID_REPLY: 1665 case HTTP_CLIENT_TIMEOUT: 1666 wpa_printf(MSG_DEBUG, "WPS ER: PutMessage failed"); 1667 if (ap->wps) { 1668 wps_deinit(ap->wps); 1669 ap->wps = NULL; 1670 } 1671 break; 1672 } 1673 http_client_free(ap->http); 1674 ap->http = NULL; 1675 1676 if (msg) { 1677 struct wpabuf *buf; 1678 enum http_reply_code ret; 1679 buf = xml_get_base64_item(msg, "NewOutMessage", &ret); 1680 os_free(msg); 1681 if (buf == NULL) { 1682 wpa_printf(MSG_DEBUG, "WPS ER: Could not extract " 1683 "NewOutMessage from PutMessage response"); 1684 wps_deinit(ap->wps); 1685 ap->wps = NULL; 1686 return; 1687 } 1688 wps_er_ap_process(ap, buf); 1689 wpabuf_free(buf); 1690 } 1691 } 1692 1693 1694 static void wps_er_ap_put_message(struct wps_er_ap *ap, 1695 const struct wpabuf *msg) 1696 { 1697 struct wpabuf *buf; 1698 char *len_ptr, *body_ptr; 1699 struct sockaddr_in dst; 1700 char *url, *path; 1701 1702 if (ap->http) { 1703 wpa_printf(MSG_DEBUG, "WPS ER: Pending HTTP operation ongoing " 1704 "with the AP - cannot continue learn"); 1705 return; 1706 } 1707 1708 if (ap->control_url == NULL) { 1709 wpa_printf(MSG_DEBUG, "WPS ER: No controlURL for AP"); 1710 return; 1711 } 1712 1713 url = http_client_url_parse(ap->control_url, &dst, &path); 1714 if (url == NULL) { 1715 wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse controlURL"); 1716 goto fail; 1717 } 1718 1719 buf = wps_er_soap_hdr(msg, "PutMessage", "NewInMessage", path, &dst, 1720 &len_ptr, &body_ptr); 1721 os_free(url); 1722 if (buf == NULL) 1723 goto fail; 1724 1725 wps_er_soap_end(buf, "PutMessage", len_ptr, body_ptr); 1726 1727 ap->http = http_client_addr(&dst, buf, 10000, 1728 wps_er_http_put_message_cb, ap); 1729 if (ap->http == NULL) { 1730 wpabuf_free(buf); 1731 goto fail; 1732 } 1733 return; 1734 1735 fail: 1736 if (ap->wps) { 1737 wps_deinit(ap->wps); 1738 ap->wps = NULL; 1739 } 1740 } 1741 1742 1743 static void wps_er_ap_process(struct wps_er_ap *ap, struct wpabuf *msg) 1744 { 1745 enum wps_process_res res; 1746 struct wps_parse_attr attr; 1747 enum wsc_op_code op_code; 1748 1749 op_code = WSC_MSG; 1750 if (wps_parse_msg(msg, &attr) == 0 && attr.msg_type) { 1751 switch (*attr.msg_type) { 1752 case WPS_WSC_ACK: 1753 op_code = WSC_ACK; 1754 break; 1755 case WPS_WSC_NACK: 1756 op_code = WSC_NACK; 1757 break; 1758 case WPS_WSC_DONE: 1759 op_code = WSC_Done; 1760 break; 1761 } 1762 } 1763 1764 res = wps_process_msg(ap->wps, op_code, msg); 1765 if (res == WPS_CONTINUE) { 1766 struct wpabuf *next = wps_get_msg(ap->wps, &op_code); 1767 if (next) { 1768 wps_er_ap_put_message(ap, next); 1769 wpabuf_free(next); 1770 } else { 1771 wpa_printf(MSG_DEBUG, "WPS ER: Failed to build " 1772 "message"); 1773 wps_deinit(ap->wps); 1774 ap->wps = NULL; 1775 } 1776 } else if (res == WPS_DONE) { 1777 wpa_printf(MSG_DEBUG, "WPS ER: Protocol run done"); 1778 wps_deinit(ap->wps); 1779 ap->wps = NULL; 1780 } else { 1781 wpa_printf(MSG_DEBUG, "WPS ER: Failed to process message from " 1782 "AP (res=%d)", res); 1783 wps_deinit(ap->wps); 1784 ap->wps = NULL; 1785 } 1786 } 1787 1788 1789 static void wps_er_ap_learn_m1(struct wps_er_ap *ap, struct wpabuf *m1) 1790 { 1791 struct wps_config cfg; 1792 1793 if (ap->wps) { 1794 wpa_printf(MSG_DEBUG, "WPS ER: Protocol run already in " 1795 "progress with this AP"); 1796 return; 1797 } 1798 1799 os_memset(&cfg, 0, sizeof(cfg)); 1800 cfg.wps = ap->er->wps; 1801 cfg.registrar = 1; 1802 ap->wps = wps_init(&cfg); 1803 if (ap->wps == NULL) 1804 return; 1805 ap->wps->ap_settings_cb = wps_er_ap_settings_cb; 1806 ap->wps->ap_settings_cb_ctx = ap; 1807 1808 wps_er_ap_process(ap, m1); 1809 } 1810 1811 1812 static void wps_er_ap_learn(struct wps_er_ap *ap, const char *dev_info) 1813 { 1814 struct wpabuf *info; 1815 enum http_reply_code ret; 1816 1817 wpa_printf(MSG_DEBUG, "WPS ER: Received GetDeviceInfo response (M1) " 1818 "from the AP"); 1819 info = xml_get_base64_item(dev_info, "NewDeviceInfo", &ret); 1820 if (info == NULL) { 1821 wpa_printf(MSG_DEBUG, "WPS ER: Could not extract " 1822 "NewDeviceInfo from GetDeviceInfo response"); 1823 return; 1824 } 1825 1826 ap->m1_handler(ap, info); 1827 wpabuf_free(info); 1828 } 1829 1830 1831 static void wps_er_http_get_dev_info_cb(void *ctx, struct http_client *c, 1832 enum http_client_event event) 1833 { 1834 struct wps_er_ap *ap = ctx; 1835 struct wpabuf *reply; 1836 char *dev_info = NULL; 1837 1838 switch (event) { 1839 case HTTP_CLIENT_OK: 1840 wpa_printf(MSG_DEBUG, "WPS ER: GetDeviceInfo OK"); 1841 reply = http_client_get_body(c); 1842 if (reply == NULL) 1843 break; 1844 dev_info = os_zalloc(wpabuf_len(reply) + 1); 1845 if (dev_info == NULL) 1846 break; 1847 os_memcpy(dev_info, wpabuf_head(reply), wpabuf_len(reply)); 1848 break; 1849 case HTTP_CLIENT_FAILED: 1850 case HTTP_CLIENT_INVALID_REPLY: 1851 case HTTP_CLIENT_TIMEOUT: 1852 wpa_printf(MSG_DEBUG, "WPS ER: GetDeviceInfo failed"); 1853 break; 1854 } 1855 http_client_free(ap->http); 1856 ap->http = NULL; 1857 1858 if (dev_info) { 1859 wps_er_ap_learn(ap, dev_info); 1860 os_free(dev_info); 1861 } 1862 } 1863 1864 1865 static int wps_er_send_get_device_info(struct wps_er_ap *ap, 1866 void (*m1_handler)(struct wps_er_ap *ap, 1867 struct wpabuf *m1)) 1868 { 1869 struct wpabuf *buf; 1870 char *len_ptr, *body_ptr; 1871 struct sockaddr_in dst; 1872 char *url, *path; 1873 1874 if (ap->http) { 1875 wpa_printf(MSG_DEBUG, "WPS ER: Pending HTTP operation ongoing " 1876 "with the AP - cannot get device info"); 1877 return -1; 1878 } 1879 1880 if (ap->control_url == NULL) { 1881 wpa_printf(MSG_DEBUG, "WPS ER: No controlURL for AP"); 1882 return -1; 1883 } 1884 1885 url = http_client_url_parse(ap->control_url, &dst, &path); 1886 if (url == NULL) { 1887 wpa_printf(MSG_DEBUG, "WPS ER: Failed to parse controlURL"); 1888 return -1; 1889 } 1890 1891 buf = wps_er_soap_hdr(NULL, "GetDeviceInfo", NULL, path, &dst, 1892 &len_ptr, &body_ptr); 1893 os_free(url); 1894 if (buf == NULL) 1895 return -1; 1896 1897 wps_er_soap_end(buf, "GetDeviceInfo", len_ptr, body_ptr); 1898 1899 ap->http = http_client_addr(&dst, buf, 10000, 1900 wps_er_http_get_dev_info_cb, ap); 1901 if (ap->http == NULL) { 1902 wpabuf_free(buf); 1903 return -1; 1904 } 1905 1906 ap->m1_handler = m1_handler; 1907 1908 return 0; 1909 } 1910 1911 1912 int wps_er_learn(struct wps_er *er, const u8 *uuid, const u8 *addr, 1913 const u8 *pin, size_t pin_len) 1914 { 1915 struct wps_er_ap *ap; 1916 1917 if (er == NULL) 1918 return -1; 1919 1920 ap = wps_er_ap_get(er, NULL, uuid, addr); 1921 if (ap == NULL) { 1922 wpa_printf(MSG_DEBUG, "WPS ER: AP not found for learn " 1923 "request"); 1924 return -1; 1925 } 1926 if (uuid == NULL) 1927 uuid = ap->uuid; 1928 if (ap->wps) { 1929 wpa_printf(MSG_DEBUG, "WPS ER: Pending operation ongoing " 1930 "with the AP - cannot start learn"); 1931 return -1; 1932 } 1933 1934 if (wps_er_send_get_device_info(ap, wps_er_ap_learn_m1) < 0) 1935 return -1; 1936 1937 er->skip_set_sel_reg = 1; 1938 wps_registrar_add_pin(er->wps->registrar, NULL, uuid, pin, pin_len, 0); 1939 er->skip_set_sel_reg = 0; 1940 1941 return 0; 1942 } 1943 1944 1945 int wps_er_set_config(struct wps_er *er, const u8 *uuid, const u8 *addr, 1946 const struct wps_credential *cred) 1947 { 1948 struct wps_er_ap *ap; 1949 1950 if (er == NULL) 1951 return -1; 1952 1953 ap = wps_er_ap_get(er, NULL, uuid, addr); 1954 if (ap == NULL) { 1955 wpa_printf(MSG_DEBUG, "WPS ER: AP not found for set config " 1956 "request"); 1957 return -1; 1958 } 1959 1960 os_free(ap->ap_settings); 1961 ap->ap_settings = os_malloc(sizeof(*cred)); 1962 if (ap->ap_settings == NULL) 1963 return -1; 1964 os_memcpy(ap->ap_settings, cred, sizeof(*cred)); 1965 ap->ap_settings->cred_attr = NULL; 1966 wpa_printf(MSG_DEBUG, "WPS ER: Updated local AP settings based set " 1967 "config request"); 1968 1969 return 0; 1970 } 1971 1972 1973 static void wps_er_ap_config_m1(struct wps_er_ap *ap, struct wpabuf *m1) 1974 { 1975 struct wps_config cfg; 1976 1977 if (ap->wps) { 1978 wpa_printf(MSG_DEBUG, "WPS ER: Protocol run already in " 1979 "progress with this AP"); 1980 return; 1981 } 1982 1983 os_memset(&cfg, 0, sizeof(cfg)); 1984 cfg.wps = ap->er->wps; 1985 cfg.registrar = 1; 1986 cfg.new_ap_settings = ap->ap_settings; 1987 ap->wps = wps_init(&cfg); 1988 if (ap->wps == NULL) 1989 return; 1990 ap->wps->ap_settings_cb = NULL; 1991 ap->wps->ap_settings_cb_ctx = NULL; 1992 1993 wps_er_ap_process(ap, m1); 1994 } 1995 1996 1997 int wps_er_config(struct wps_er *er, const u8 *uuid, const u8 *addr, 1998 const u8 *pin, size_t pin_len, 1999 const struct wps_credential *cred) 2000 { 2001 struct wps_er_ap *ap; 2002 2003 if (er == NULL) 2004 return -1; 2005 2006 ap = wps_er_ap_get(er, NULL, uuid, addr); 2007 if (ap == NULL) { 2008 wpa_printf(MSG_DEBUG, "WPS ER: AP not found for config " 2009 "request"); 2010 return -1; 2011 } 2012 if (uuid == NULL) 2013 uuid = ap->uuid; 2014 if (ap->wps) { 2015 wpa_printf(MSG_DEBUG, "WPS ER: Pending operation ongoing " 2016 "with the AP - cannot start config"); 2017 return -1; 2018 } 2019 2020 os_free(ap->ap_settings); 2021 ap->ap_settings = os_malloc(sizeof(*cred)); 2022 if (ap->ap_settings == NULL) 2023 return -1; 2024 os_memcpy(ap->ap_settings, cred, sizeof(*cred)); 2025 ap->ap_settings->cred_attr = NULL; 2026 2027 if (wps_er_send_get_device_info(ap, wps_er_ap_config_m1) < 0) 2028 return -1; 2029 2030 er->skip_set_sel_reg = 1; 2031 wps_registrar_add_pin(er->wps->registrar, NULL, uuid, pin, pin_len, 0); 2032 er->skip_set_sel_reg = 0; 2033 2034 return 0; 2035 } 2036 2037 2038 #ifdef CONFIG_WPS_NFC 2039 2040 struct wpabuf * wps_er_config_token_from_cred(struct wps_context *wps, 2041 struct wps_credential *cred) 2042 { 2043 struct wpabuf *ret; 2044 struct wps_data data; 2045 2046 ret = wpabuf_alloc(500); 2047 if (ret == NULL) 2048 return NULL; 2049 2050 os_memset(&data, 0, sizeof(data)); 2051 data.wps = wps; 2052 data.use_cred = cred; 2053 if (wps_build_cred(&data, ret) || 2054 wps_build_wfa_ext(ret, 0, NULL, 0)) { 2055 wpabuf_free(ret); 2056 return NULL; 2057 } 2058 2059 return ret; 2060 } 2061 2062 2063 struct wpabuf * wps_er_nfc_config_token(struct wps_er *er, const u8 *uuid, 2064 const u8 *addr) 2065 { 2066 struct wps_er_ap *ap; 2067 2068 if (er == NULL) 2069 return NULL; 2070 2071 ap = wps_er_ap_get(er, NULL, uuid, addr); 2072 if (ap == NULL) 2073 return NULL; 2074 if (ap->ap_settings == NULL) { 2075 wpa_printf(MSG_DEBUG, "WPS ER: No settings known for the " 2076 "selected AP"); 2077 return NULL; 2078 } 2079 2080 return wps_er_config_token_from_cred(er->wps, ap->ap_settings); 2081 } 2082 2083 2084 struct wpabuf * wps_er_nfc_handover_sel(struct wps_er *er, 2085 struct wps_context *wps, const u8 *uuid, 2086 const u8 *addr, struct wpabuf *pubkey) 2087 { 2088 struct wps_er_ap *ap; 2089 2090 if (er == NULL) 2091 return NULL; 2092 2093 ap = wps_er_ap_get(er, NULL, uuid, addr); 2094 if (ap == NULL) 2095 return NULL; 2096 if (ap->ap_settings == NULL) { 2097 wpa_printf(MSG_DEBUG, "WPS ER: No settings known for the " 2098 "selected AP"); 2099 return NULL; 2100 } 2101 2102 os_memcpy(wps->ssid, ap->ap_settings->ssid, ap->ap_settings->ssid_len); 2103 wps->ssid_len = ap->ap_settings->ssid_len; 2104 2105 return wps_build_nfc_handover_sel(wps, pubkey, addr, 0); 2106 } 2107 2108 #endif /* CONFIG_WPS_NFC */ 2109