/src/hostap/src/ap/eap_user_db.c

Source
/*
 * hostapd / EAP user database
 * Copyright (c) 2012, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "includes.h"
#ifdef CONFIG_SQLITE
#include <sqlite3.h>
#endif /* CONFIG_SQLITE */

#include "common.h"
#include "eap_common/eap_wsc_common.h"
#include "eap_server/eap_methods.h"
#include "eap_server/eap.h"
#include "ap_config.h"
#include "hostapd.h"

#ifdef CONFIG_SQLITE

static void set_user_methods(struct hostapd_eap_user *user, const char *methods)
{
  char *buf, *start;
  int num_methods;

  buf = os_strdup(methods);
  if (buf == NULL)
    return;

  os_memset(&user->methods, 0, sizeof(user->methods));
  num_methods = 0;
  start = buf;
  while (*start) {
    char *pos3 = os_strchr(start, ',');
    if (pos3)
      *pos3++ = '\0';
    user->methods[num_methods].method =
      eap_server_get_type(start,
              &user->methods[num_methods].vendor);
    if (user->methods[num_methods].vendor == EAP_VENDOR_IETF &&
        user->methods[num_methods].method == EAP_TYPE_NONE) {
      if (os_strcmp(start, "TTLS-PAP") == 0) {
        user->ttls_auth |= EAP_TTLS_AUTH_PAP;
        goto skip_eap;
      }
      if (os_strcmp(start, "TTLS-CHAP") == 0) {
        user->ttls_auth |= EAP_TTLS_AUTH_CHAP;
        goto skip_eap;
      }
      if (os_strcmp(start, "TTLS-MSCHAP") == 0) {
        user->ttls_auth |= EAP_TTLS_AUTH_MSCHAP;
        goto skip_eap;
      }
      if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) {
        user->ttls_auth |= EAP_TTLS_AUTH_MSCHAPV2;
        goto skip_eap;
      }
      wpa_printf(MSG_INFO, "DB: Unsupported EAP type '%s'",
           start);
      os_free(buf);
      return;
    }

    num_methods++;
    if (num_methods >= EAP_MAX_METHODS)
      break;
  skip_eap:
    if (pos3 == NULL)
      break;
    start = pos3;
  }

  os_free(buf);
}


static int get_user_cb(void *ctx, int argc, char *argv[], char *col[])
{
  struct hostapd_eap_user *user = ctx;
  int i;

  for (i = 0; i < argc; i++) {
    if (os_strcmp(col[i], "password") == 0 && argv[i]) {
      bin_clear_free(user->password, user->password_len);
      user->password_len = os_strlen(argv[i]);
      user->password = (u8 *) os_strdup(argv[i]);
      user->next = (void *) 1;
    } else if (os_strcmp(col[i], "methods") == 0 && argv[i]) {
      set_user_methods(user, argv[i]);
    } else if (os_strcmp(col[i], "t_c_timestamp") == 0 && argv[i]) {
      user->t_c_timestamp = strtol(argv[i], NULL, 10);
    }
  }

  return 0;
}


static int get_wildcard_cb(void *ctx, int argc, char *argv[], char *col[])
{
  struct hostapd_eap_user *user = ctx;
  int i, id = -1, methods = -1;
  size_t len;

  for (i = 0; i < argc; i++) {
    if (os_strcmp(col[i], "identity") == 0 && argv[i])
      id = i;
    else if (os_strcmp(col[i], "methods") == 0 && argv[i])
      methods = i;
  }

  if (id < 0 || methods < 0)
    return 0;

  len = os_strlen(argv[id]);
  if (len <= user->identity_len &&
      os_memcmp(argv[id], user->identity, len) == 0 &&
      (user->password == NULL || len > user->password_len)) {
    bin_clear_free(user->password, user->password_len);
    user->password_len = os_strlen(argv[id]);
    user->password = (u8 *) os_strdup(argv[id]);
    user->next = (void *) 1;
    set_user_methods(user, argv[methods]);
  }

  return 0;
}


static const struct hostapd_eap_user *
eap_user_sqlite_get(struct hostapd_data *hapd, const u8 *identity,
        size_t identity_len, int phase2)
{
  sqlite3 *db;
  struct hostapd_eap_user *user = NULL;
  char id_str[256], cmd[300];
  size_t i;
  int res;

  if (identity_len >= sizeof(id_str)) {
    wpa_printf(MSG_DEBUG, "%s: identity len too big: %d >= %d",
         __func__, (int) identity_len,
         (int) (sizeof(id_str)));
    return NULL;
  }
  os_memcpy(id_str, identity, identity_len);
  id_str[identity_len] = '\0';
  for (i = 0; i < identity_len; i++) {
    if (id_str[i] >= 'a' && id_str[i] <= 'z')
      continue;
    if (id_str[i] >= 'A' && id_str[i] <= 'Z')
      continue;
    if (id_str[i] >= '0' && id_str[i] <= '9')
      continue;
    if (id_str[i] == '-' || id_str[i] == '_' || id_str[i] == '.' ||
        id_str[i] == ',' || id_str[i] == '@' || id_str[i] == '\\' ||
        id_str[i] == '!' || id_str[i] == '#' || id_str[i] == '%' ||
        id_str[i] == '=' || id_str[i] == ' ')
      continue;
    wpa_printf(MSG_INFO, "DB: Unsupported character in identity");
    return NULL;
  }

  bin_clear_free(hapd->tmp_eap_user.identity,
           hapd->tmp_eap_user.identity_len);
  bin_clear_free(hapd->tmp_eap_user.password,
           hapd->tmp_eap_user.password_len);
  os_memset(&hapd->tmp_eap_user, 0, sizeof(hapd->tmp_eap_user));
  hapd->tmp_eap_user.phase2 = phase2;
  hapd->tmp_eap_user.identity = os_zalloc(identity_len + 1);
  if (hapd->tmp_eap_user.identity == NULL)
    return NULL;
  os_memcpy(hapd->tmp_eap_user.identity, identity, identity_len);
  hapd->tmp_eap_user.identity_len = identity_len;

  if (sqlite3_open(hapd->conf->eap_user_sqlite, &db)) {
    wpa_printf(MSG_INFO, "DB: Failed to open database %s: %s",
         hapd->conf->eap_user_sqlite, sqlite3_errmsg(db));
    sqlite3_close(db);
    return NULL;
  }

  res = os_snprintf(cmd, sizeof(cmd),
        "SELECT * FROM users WHERE identity='%s' AND phase2=%d;",
        id_str, phase2);
  if (os_snprintf_error(sizeof(cmd), res))
    goto fail;

  wpa_printf(MSG_DEBUG, "DB: %s", cmd);
  if (sqlite3_exec(db, cmd, get_user_cb, &hapd->tmp_eap_user, NULL) !=
      SQLITE_OK) {
    wpa_printf(MSG_DEBUG,
         "DB: Failed to complete SQL operation: %s  db: %s",
         sqlite3_errmsg(db), hapd->conf->eap_user_sqlite);
  } else if (hapd->tmp_eap_user.next)
    user = &hapd->tmp_eap_user;

  if (user == NULL && !phase2) {
    os_snprintf(cmd, sizeof(cmd),
          "SELECT identity,methods FROM wildcards;");
    wpa_printf(MSG_DEBUG, "DB: %s", cmd);
    if (sqlite3_exec(db, cmd, get_wildcard_cb, &hapd->tmp_eap_user,
         NULL) != SQLITE_OK) {
      wpa_printf(MSG_DEBUG,
           "DB: Failed to complete SQL operation: %s  db: %s",
           sqlite3_errmsg(db),
           hapd->conf->eap_user_sqlite);
    } else if (hapd->tmp_eap_user.next) {
      user = &hapd->tmp_eap_user;
      os_free(user->identity);
      user->identity = user->password;
      user->identity_len = user->password_len;
      user->password = NULL;
      user->password_len = 0;
    }
  }

fail:
  sqlite3_close(db);

  return user;
}

#endif /* CONFIG_SQLITE */


const struct hostapd_eap_user *
hostapd_get_eap_user(struct hostapd_data *hapd, const u8 *identity,
         size_t identity_len, int phase2)
{
  const struct hostapd_bss_config *conf = hapd->conf;
  struct hostapd_eap_user *user = conf->eap_user;

#ifdef CONFIG_WPS
  if (conf->wps_state && identity_len == WSC_ID_ENROLLEE_LEN &&
      os_memcmp(identity, WSC_ID_ENROLLEE, WSC_ID_ENROLLEE_LEN) == 0) {
    static struct hostapd_eap_user wsc_enrollee;
    os_memset(&wsc_enrollee, 0, sizeof(wsc_enrollee));
    wsc_enrollee.methods[0].method = eap_server_get_type(
      "WSC", &wsc_enrollee.methods[0].vendor);
    return &wsc_enrollee;
  }

  if (conf->wps_state && identity_len == WSC_ID_REGISTRAR_LEN &&
      os_memcmp(identity, WSC_ID_REGISTRAR, WSC_ID_REGISTRAR_LEN) == 0) {
    static struct hostapd_eap_user wsc_registrar;
    os_memset(&wsc_registrar, 0, sizeof(wsc_registrar));
    wsc_registrar.methods[0].method = eap_server_get_type(
      "WSC", &wsc_registrar.methods[0].vendor);
    wsc_registrar.password = (u8 *) conf->ap_pin;
    wsc_registrar.password_len = conf->ap_pin ?
      os_strlen(conf->ap_pin) : 0;
    return &wsc_registrar;
  }
#endif /* CONFIG_WPS */

  while (user) {
    if (!phase2 && user->identity == NULL) {
      /* Wildcard match */
      break;
    }

    if (user->phase2 == !!phase2 && user->wildcard_prefix &&
        identity_len >= user->identity_len &&
        os_memcmp(user->identity, identity, user->identity_len) ==
        0) {
      /* Wildcard prefix match */
      break;
    }

    if (user->phase2 == !!phase2 &&
        user->identity_len == identity_len &&
        os_memcmp(user->identity, identity, identity_len) == 0)
      break;
    user = user->next;
  }

#ifdef CONFIG_SQLITE
  if (user == NULL && conf->eap_user_sqlite) {
    return eap_user_sqlite_get(hapd, identity, identity_len,
             phase2);
  }
#endif /* CONFIG_SQLITE */

  return user;
}

Coverage Report

Created: 2026-06-15 06:18

Line	Count	Source
1		/*
2		* hostapd / EAP user database
3		* Copyright (c) 2012, Jouni Malinen <j@w1.fi>
4		*
5		* This software may be distributed under the terms of the BSD license.
6		* See README for more details.
7		*/
8
9		#include "includes.h"
10		#ifdef CONFIG_SQLITE
11		#include <sqlite3.h>
12		#endif /* CONFIG_SQLITE */
13
14		#include "common.h"
15		#include "eap_common/eap_wsc_common.h"
16		#include "eap_server/eap_methods.h"
17		#include "eap_server/eap.h"
18		#include "ap_config.h"
19		#include "hostapd.h"
20
21		#ifdef CONFIG_SQLITE
22
23		static void set_user_methods(struct hostapd_eap_user user, const char methods)
24		{
25		char buf, start;
26		int num_methods;
27
28		buf = os_strdup(methods);
29		if (buf == NULL)
30		return;
31
32		os_memset(&user->methods, 0, sizeof(user->methods));
33		num_methods = 0;
34		start = buf;
35		while (*start) {
36		char *pos3 = os_strchr(start, ',');
37		if (pos3)
38		*pos3++ = '\0';
39		user->methods[num_methods].method =
40		eap_server_get_type(start,
41		&user->methods[num_methods].vendor);
42		if (user->methods[num_methods].vendor == EAP_VENDOR_IETF &&
43		user->methods[num_methods].method == EAP_TYPE_NONE) {
44		if (os_strcmp(start, "TTLS-PAP") == 0) {
45		user->ttls_auth \|= EAP_TTLS_AUTH_PAP;
46		goto skip_eap;
47		}
48		if (os_strcmp(start, "TTLS-CHAP") == 0) {
49		user->ttls_auth \|= EAP_TTLS_AUTH_CHAP;
50		goto skip_eap;
51		}
52		if (os_strcmp(start, "TTLS-MSCHAP") == 0) {
53		user->ttls_auth \|= EAP_TTLS_AUTH_MSCHAP;
54		goto skip_eap;
55		}
56		if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) {
57		user->ttls_auth \|= EAP_TTLS_AUTH_MSCHAPV2;
58		goto skip_eap;
59		}
60		wpa_printf(MSG_INFO, "DB: Unsupported EAP type '%s'",
61		start);
62		os_free(buf);
63		return;
64		}
65
66		num_methods++;
67		if (num_methods >= EAP_MAX_METHODS)
68		break;
69		skip_eap:
70		if (pos3 == NULL)
71		break;
72		start = pos3;
73		}
74
75		os_free(buf);
76		}
77
78
79		static int get_user_cb(void ctx, int argc, char argv[], char *col[])
80		{
81		struct hostapd_eap_user *user = ctx;
82		int i;
83
84		for (i = 0; i < argc; i++) {
85		if (os_strcmp(col[i], "password") == 0 && argv[i]) {
86		bin_clear_free(user->password, user->password_len);
87		user->password_len = os_strlen(argv[i]);
88		user->password = (u8 *) os_strdup(argv[i]);
89		user->next = (void *) 1;
90		} else if (os_strcmp(col[i], "methods") == 0 && argv[i]) {
91		set_user_methods(user, argv[i]);
92		} else if (os_strcmp(col[i], "t_c_timestamp") == 0 && argv[i]) {
93		user->t_c_timestamp = strtol(argv[i], NULL, 10);
94		}
95		}
96
97		return 0;
98		}
99
100
101		static int get_wildcard_cb(void ctx, int argc, char argv[], char *col[])
102		{
103		struct hostapd_eap_user *user = ctx;
104		int i, id = -1, methods = -1;
105		size_t len;
106
107		for (i = 0; i < argc; i++) {
108		if (os_strcmp(col[i], "identity") == 0 && argv[i])
109		id = i;
110		else if (os_strcmp(col[i], "methods") == 0 && argv[i])
111		methods = i;
112		}
113
114		if (id < 0 \|\| methods < 0)
115		return 0;
116
117		len = os_strlen(argv[id]);
118		if (len <= user->identity_len &&
119		os_memcmp(argv[id], user->identity, len) == 0 &&
120		(user->password == NULL \|\| len > user->password_len)) {
121		bin_clear_free(user->password, user->password_len);
122		user->password_len = os_strlen(argv[id]);
123		user->password = (u8 *) os_strdup(argv[id]);
124		user->next = (void *) 1;
125		set_user_methods(user, argv[methods]);
126		}
127
128		return 0;
129		}
130
131
132		static const struct hostapd_eap_user *
133		eap_user_sqlite_get(struct hostapd_data hapd, const u8 identity,
134		size_t identity_len, int phase2)
135		{
136		sqlite3 *db;
137		struct hostapd_eap_user *user = NULL;
138		char id_str[256], cmd[300];
139		size_t i;
140		int res;
141
142		if (identity_len >= sizeof(id_str)) {
143		wpa_printf(MSG_DEBUG, "%s: identity len too big: %d >= %d",
144		__func__, (int) identity_len,
145		(int) (sizeof(id_str)));
146		return NULL;
147		}
148		os_memcpy(id_str, identity, identity_len);
149		id_str[identity_len] = '\0';
150		for (i = 0; i < identity_len; i++) {
151		if (id_str[i] >= 'a' && id_str[i] <= 'z')
152		continue;
153		if (id_str[i] >= 'A' && id_str[i] <= 'Z')
154		continue;
155		if (id_str[i] >= '0' && id_str[i] <= '9')
156		continue;
157		if (id_str[i] == '-' \|\| id_str[i] == '_' \|\| id_str[i] == '.' \|\|
158		id_str[i] == ',' \|\| id_str[i] == '@' \|\| id_str[i] == '\\' \|\|
159		id_str[i] == '!' \|\| id_str[i] == '#' \|\| id_str[i] == '%' \|\|
160		id_str[i] == '=' \|\| id_str[i] == ' ')
161		continue;
162		wpa_printf(MSG_INFO, "DB: Unsupported character in identity");
163		return NULL;
164		}
165
166		bin_clear_free(hapd->tmp_eap_user.identity,
167		hapd->tmp_eap_user.identity_len);
168		bin_clear_free(hapd->tmp_eap_user.password,
169		hapd->tmp_eap_user.password_len);
170		os_memset(&hapd->tmp_eap_user, 0, sizeof(hapd->tmp_eap_user));
171		hapd->tmp_eap_user.phase2 = phase2;
172		hapd->tmp_eap_user.identity = os_zalloc(identity_len + 1);
173		if (hapd->tmp_eap_user.identity == NULL)
174		return NULL;
175		os_memcpy(hapd->tmp_eap_user.identity, identity, identity_len);
176		hapd->tmp_eap_user.identity_len = identity_len;
177
178		if (sqlite3_open(hapd->conf->eap_user_sqlite, &db)) {
179		wpa_printf(MSG_INFO, "DB: Failed to open database %s: %s",
180		hapd->conf->eap_user_sqlite, sqlite3_errmsg(db));
181		sqlite3_close(db);
182		return NULL;
183		}
184
185		res = os_snprintf(cmd, sizeof(cmd),
186		"SELECT * FROM users WHERE identity='%s' AND phase2=%d;",
187		id_str, phase2);
188		if (os_snprintf_error(sizeof(cmd), res))
189		goto fail;
190
191		wpa_printf(MSG_DEBUG, "DB: %s", cmd);
192		if (sqlite3_exec(db, cmd, get_user_cb, &hapd->tmp_eap_user, NULL) !=
193		SQLITE_OK) {
194		wpa_printf(MSG_DEBUG,
195		"DB: Failed to complete SQL operation: %s db: %s",
196		sqlite3_errmsg(db), hapd->conf->eap_user_sqlite);
197		} else if (hapd->tmp_eap_user.next)
198		user = &hapd->tmp_eap_user;
199
200		if (user == NULL && !phase2) {
201		os_snprintf(cmd, sizeof(cmd),
202		"SELECT identity,methods FROM wildcards;");
203		wpa_printf(MSG_DEBUG, "DB: %s", cmd);
204		if (sqlite3_exec(db, cmd, get_wildcard_cb, &hapd->tmp_eap_user,
205		NULL) != SQLITE_OK) {
206		wpa_printf(MSG_DEBUG,
207		"DB: Failed to complete SQL operation: %s db: %s",
208		sqlite3_errmsg(db),
209		hapd->conf->eap_user_sqlite);
210		} else if (hapd->tmp_eap_user.next) {
211		user = &hapd->tmp_eap_user;
212		os_free(user->identity);
213		user->identity = user->password;
214		user->identity_len = user->password_len;
215		user->password = NULL;
216		user->password_len = 0;
217		}
218		}
219
220		fail:
221		sqlite3_close(db);
222
223		return user;
224		}
225
226		#endif /* CONFIG_SQLITE */
227
228
229		const struct hostapd_eap_user *
230		hostapd_get_eap_user(struct hostapd_data hapd, const u8 identity,
231		size_t identity_len, int phase2)
232	0	{
233	0	const struct hostapd_bss_config *conf = hapd->conf;
234	0	struct hostapd_eap_user *user = conf->eap_user;
235
236	0	#ifdef CONFIG_WPS
237	0	if (conf->wps_state && identity_len == WSC_ID_ENROLLEE_LEN &&
238	0	os_memcmp(identity, WSC_ID_ENROLLEE, WSC_ID_ENROLLEE_LEN) == 0) {
239	0	static struct hostapd_eap_user wsc_enrollee;
240	0	os_memset(&wsc_enrollee, 0, sizeof(wsc_enrollee));
241	0	wsc_enrollee.methods[0].method = eap_server_get_type(
242	0	"WSC", &wsc_enrollee.methods[0].vendor);
243	0	return &wsc_enrollee;
244	0	}
245
246	0	if (conf->wps_state && identity_len == WSC_ID_REGISTRAR_LEN &&
247	0	os_memcmp(identity, WSC_ID_REGISTRAR, WSC_ID_REGISTRAR_LEN) == 0) {
248	0	static struct hostapd_eap_user wsc_registrar;
249	0	os_memset(&wsc_registrar, 0, sizeof(wsc_registrar));
250	0	wsc_registrar.methods[0].method = eap_server_get_type(
251	0	"WSC", &wsc_registrar.methods[0].vendor);
252	0	wsc_registrar.password = (u8 *) conf->ap_pin;
253	0	wsc_registrar.password_len = conf->ap_pin ?
254	0	os_strlen(conf->ap_pin) : 0;
255	0	return &wsc_registrar;
256	0	}
257	0	#endif /* CONFIG_WPS */
258
259	0	while (user) {
260	0	if (!phase2 && user->identity == NULL) {
261		/* Wildcard match */
262	0	break;
263	0	}
264
265	0	if (user->phase2 == !!phase2 && user->wildcard_prefix &&
266	0	identity_len >= user->identity_len &&
267	0	os_memcmp(user->identity, identity, user->identity_len) ==
268	0	0) {
269		/* Wildcard prefix match */
270	0	break;
271	0	}
272
273	0	if (user->phase2 == !!phase2 &&
274	0	user->identity_len == identity_len &&
275	0	os_memcmp(user->identity, identity, identity_len) == 0)
276	0	break;
277	0	user = user->next;
278	0	}
279
280		#ifdef CONFIG_SQLITE
281		if (user == NULL && conf->eap_user_sqlite) {
282		return eap_user_sqlite_get(hapd, identity, identity_len,
283		phase2);
284		}
285		#endif /* CONFIG_SQLITE */
286
287	0	return user;
288	0	}