1 /*
2  * hostapd / EAP user database
3  * Copyright (c) 2012, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 #ifdef CONFIG_SQLITE
11 #include <sqlite3.h>
12 #endif /* CONFIG_SQLITE */
13 
14 #include "common.h"
15 #include "eap_common/eap_wsc_common.h"
16 #include "eap_server/eap_methods.h"
17 #include "eap_server/eap.h"
18 #include "ap_config.h"
19 #include "hostapd.h"
20 
21 #ifdef CONFIG_SQLITE
22 
set_user_methods(struct hostapd_eap_user * user,const char * methods)23 static void set_user_methods(struct hostapd_eap_user *user, const char *methods)
24 {
25 	char *buf, *start;
26 	int num_methods;
27 
28 	buf = os_strdup(methods);
29 	if (buf == NULL)
30 		return;
31 
32 	os_memset(&user->methods, 0, sizeof(user->methods));
33 	num_methods = 0;
34 	start = buf;
35 	while (*start) {
36 		char *pos3 = os_strchr(start, ',');
37 		if (pos3)
38 			*pos3++ = '\0';
39 		user->methods[num_methods].method =
40 			eap_server_get_type(start,
41 					    &user->methods[num_methods].vendor);
42 		if (user->methods[num_methods].vendor == EAP_VENDOR_IETF &&
43 		    user->methods[num_methods].method == EAP_TYPE_NONE) {
44 			if (os_strcmp(start, "TTLS-PAP") == 0) {
45 				user->ttls_auth |= EAP_TTLS_AUTH_PAP;
46 				goto skip_eap;
47 			}
48 			if (os_strcmp(start, "TTLS-CHAP") == 0) {
49 				user->ttls_auth |= EAP_TTLS_AUTH_CHAP;
50 				goto skip_eap;
51 			}
52 			if (os_strcmp(start, "TTLS-MSCHAP") == 0) {
53 				user->ttls_auth |= EAP_TTLS_AUTH_MSCHAP;
54 				goto skip_eap;
55 			}
56 			if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) {
57 				user->ttls_auth |= EAP_TTLS_AUTH_MSCHAPV2;
58 				goto skip_eap;
59 			}
60 			wpa_printf(MSG_INFO, "DB: Unsupported EAP type '%s'",
61 				   start);
62 			os_free(buf);
63 			return;
64 		}
65 
66 		num_methods++;
67 		if (num_methods >= EAP_MAX_METHODS)
68 			break;
69 	skip_eap:
70 		if (pos3 == NULL)
71 			break;
72 		start = pos3;
73 	}
74 
75 	os_free(buf);
76 }
77 
78 
get_user_cb(void * ctx,int argc,char * argv[],char * col[])79 static int get_user_cb(void *ctx, int argc, char *argv[], char *col[])
80 {
81 	struct hostapd_eap_user *user = ctx;
82 	int i;
83 
84 	for (i = 0; i < argc; i++) {
85 		if (os_strcmp(col[i], "password") == 0 && argv[i]) {
86 			bin_clear_free(user->password, user->password_len);
87 			user->password_len = os_strlen(argv[i]);
88 			user->password = (u8 *) os_strdup(argv[i]);
89 			user->next = (void *) 1;
90 		} else if (os_strcmp(col[i], "methods") == 0 && argv[i]) {
91 			set_user_methods(user, argv[i]);
92 		} else if (os_strcmp(col[i], "remediation") == 0 && argv[i]) {
93 			user->remediation = strlen(argv[i]) > 0;
94 		} else if (os_strcmp(col[i], "t_c_timestamp") == 0 && argv[i]) {
95 			user->t_c_timestamp = strtol(argv[i], NULL, 10);
96 		}
97 	}
98 
99 	return 0;
100 }
101 
102 
get_wildcard_cb(void * ctx,int argc,char * argv[],char * col[])103 static int get_wildcard_cb(void *ctx, int argc, char *argv[], char *col[])
104 {
105 	struct hostapd_eap_user *user = ctx;
106 	int i, id = -1, methods = -1;
107 	size_t len;
108 
109 	for (i = 0; i < argc; i++) {
110 		if (os_strcmp(col[i], "identity") == 0 && argv[i])
111 			id = i;
112 		else if (os_strcmp(col[i], "methods") == 0 && argv[i])
113 			methods = i;
114 	}
115 
116 	if (id < 0 || methods < 0)
117 		return 0;
118 
119 	len = os_strlen(argv[id]);
120 	if (len <= user->identity_len &&
121 	    os_memcmp(argv[id], user->identity, len) == 0 &&
122 	    (user->password == NULL || len > user->password_len)) {
123 		bin_clear_free(user->password, user->password_len);
124 		user->password_len = os_strlen(argv[id]);
125 		user->password = (u8 *) os_strdup(argv[id]);
126 		user->next = (void *) 1;
127 		set_user_methods(user, argv[methods]);
128 	}
129 
130 	return 0;
131 }
132 
133 
134 static const struct hostapd_eap_user *
eap_user_sqlite_get(struct hostapd_data * hapd,const u8 * identity,size_t identity_len,int phase2)135 eap_user_sqlite_get(struct hostapd_data *hapd, const u8 *identity,
136 		    size_t identity_len, int phase2)
137 {
138 	sqlite3 *db;
139 	struct hostapd_eap_user *user = NULL;
140 	char id_str[256], cmd[300];
141 	size_t i;
142 	int res;
143 
144 	if (identity_len >= sizeof(id_str)) {
145 		wpa_printf(MSG_DEBUG, "%s: identity len too big: %d >= %d",
146 			   __func__, (int) identity_len,
147 			   (int) (sizeof(id_str)));
148 		return NULL;
149 	}
150 	os_memcpy(id_str, identity, identity_len);
151 	id_str[identity_len] = '\0';
152 	for (i = 0; i < identity_len; i++) {
153 		if (id_str[i] >= 'a' && id_str[i] <= 'z')
154 			continue;
155 		if (id_str[i] >= 'A' && id_str[i] <= 'Z')
156 			continue;
157 		if (id_str[i] >= '0' && id_str[i] <= '9')
158 			continue;
159 		if (id_str[i] == '-' || id_str[i] == '_' || id_str[i] == '.' ||
160 		    id_str[i] == ',' || id_str[i] == '@' || id_str[i] == '\\' ||
161 		    id_str[i] == '!' || id_str[i] == '#' || id_str[i] == '%' ||
162 		    id_str[i] == '=' || id_str[i] == ' ')
163 			continue;
164 		wpa_printf(MSG_INFO, "DB: Unsupported character in identity");
165 		return NULL;
166 	}
167 
168 	bin_clear_free(hapd->tmp_eap_user.identity,
169 		       hapd->tmp_eap_user.identity_len);
170 	bin_clear_free(hapd->tmp_eap_user.password,
171 		       hapd->tmp_eap_user.password_len);
172 	os_memset(&hapd->tmp_eap_user, 0, sizeof(hapd->tmp_eap_user));
173 	hapd->tmp_eap_user.phase2 = phase2;
174 	hapd->tmp_eap_user.identity = os_zalloc(identity_len + 1);
175 	if (hapd->tmp_eap_user.identity == NULL)
176 		return NULL;
177 	os_memcpy(hapd->tmp_eap_user.identity, identity, identity_len);
178 	hapd->tmp_eap_user.identity_len = identity_len;
179 
180 	if (sqlite3_open(hapd->conf->eap_user_sqlite, &db)) {
181 		wpa_printf(MSG_INFO, "DB: Failed to open database %s: %s",
182 			   hapd->conf->eap_user_sqlite, sqlite3_errmsg(db));
183 		sqlite3_close(db);
184 		return NULL;
185 	}
186 
187 	res = os_snprintf(cmd, sizeof(cmd),
188 			  "SELECT * FROM users WHERE identity='%s' AND phase2=%d;",
189 			  id_str, phase2);
190 	if (os_snprintf_error(sizeof(cmd), res))
191 		goto fail;
192 
193 	wpa_printf(MSG_DEBUG, "DB: %s", cmd);
194 	if (sqlite3_exec(db, cmd, get_user_cb, &hapd->tmp_eap_user, NULL) !=
195 	    SQLITE_OK) {
196 		wpa_printf(MSG_DEBUG,
197 			   "DB: Failed to complete SQL operation: %s  db: %s",
198 			   sqlite3_errmsg(db), hapd->conf->eap_user_sqlite);
199 	} else if (hapd->tmp_eap_user.next)
200 		user = &hapd->tmp_eap_user;
201 
202 	if (user == NULL && !phase2) {
203 		os_snprintf(cmd, sizeof(cmd),
204 			    "SELECT identity,methods FROM wildcards;");
205 		wpa_printf(MSG_DEBUG, "DB: %s", cmd);
206 		if (sqlite3_exec(db, cmd, get_wildcard_cb, &hapd->tmp_eap_user,
207 				 NULL) != SQLITE_OK) {
208 			wpa_printf(MSG_DEBUG,
209 				   "DB: Failed to complete SQL operation: %s  db: %s",
210 				   sqlite3_errmsg(db),
211 				   hapd->conf->eap_user_sqlite);
212 		} else if (hapd->tmp_eap_user.next) {
213 			user = &hapd->tmp_eap_user;
214 			os_free(user->identity);
215 			user->identity = user->password;
216 			user->identity_len = user->password_len;
217 			user->password = NULL;
218 			user->password_len = 0;
219 		}
220 	}
221 
222 fail:
223 	sqlite3_close(db);
224 
225 	return user;
226 }
227 
228 #endif /* CONFIG_SQLITE */
229 
230 
231 const struct hostapd_eap_user *
hostapd_get_eap_user(struct hostapd_data * hapd,const u8 * identity,size_t identity_len,int phase2)232 hostapd_get_eap_user(struct hostapd_data *hapd, const u8 *identity,
233 		     size_t identity_len, int phase2)
234 {
235 	const struct hostapd_bss_config *conf = hapd->conf;
236 	struct hostapd_eap_user *user = conf->eap_user;
237 
238 #ifdef CONFIG_WPS
239 	if (conf->wps_state && identity_len == WSC_ID_ENROLLEE_LEN &&
240 	    os_memcmp(identity, WSC_ID_ENROLLEE, WSC_ID_ENROLLEE_LEN) == 0) {
241 		static struct hostapd_eap_user wsc_enrollee;
242 		os_memset(&wsc_enrollee, 0, sizeof(wsc_enrollee));
243 		wsc_enrollee.methods[0].method = eap_server_get_type(
244 			"WSC", &wsc_enrollee.methods[0].vendor);
245 		return &wsc_enrollee;
246 	}
247 
248 	if (conf->wps_state && identity_len == WSC_ID_REGISTRAR_LEN &&
249 	    os_memcmp(identity, WSC_ID_REGISTRAR, WSC_ID_REGISTRAR_LEN) == 0) {
250 		static struct hostapd_eap_user wsc_registrar;
251 		os_memset(&wsc_registrar, 0, sizeof(wsc_registrar));
252 		wsc_registrar.methods[0].method = eap_server_get_type(
253 			"WSC", &wsc_registrar.methods[0].vendor);
254 		wsc_registrar.password = (u8 *) conf->ap_pin;
255 		wsc_registrar.password_len = conf->ap_pin ?
256 			os_strlen(conf->ap_pin) : 0;
257 		return &wsc_registrar;
258 	}
259 #endif /* CONFIG_WPS */
260 
261 	while (user) {
262 		if (!phase2 && user->identity == NULL) {
263 			/* Wildcard match */
264 			break;
265 		}
266 
267 		if (user->phase2 == !!phase2 && user->wildcard_prefix &&
268 		    identity_len >= user->identity_len &&
269 		    os_memcmp(user->identity, identity, user->identity_len) ==
270 		    0) {
271 			/* Wildcard prefix match */
272 			break;
273 		}
274 
275 		if (user->phase2 == !!phase2 &&
276 		    user->identity_len == identity_len &&
277 		    os_memcmp(user->identity, identity, identity_len) == 0)
278 			break;
279 		user = user->next;
280 	}
281 
282 #ifdef CONFIG_SQLITE
283 	if (user == NULL && conf->eap_user_sqlite) {
284 		return eap_user_sqlite_get(hapd, identity, identity_len,
285 					   phase2);
286 	}
287 #endif /* CONFIG_SQLITE */
288 
289 	return user;
290 }
291