HS 2.0R2: Configure OSU client trust root more consistently

Some of the code paths could have ended up ignoring the CA file name from
the command line due to the overly complex way of setting ctx->ca_fname.
Configure this more consistently in osu_client.c as soon as the CA file
name has been determined.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 2014-03-17 23:46:12 +02:00 committed by Jouni Malinen
parent 4d65deda7f
commit 40bdceac88
4 changed files with 61 additions and 75 deletions


@ -1,6 +1,6 @@
/*
* Hotspot 2.0 - OMA DM client
* Copyright (c) 2013, Qualcomm Atheros, Inc.
* Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@ -909,7 +909,7 @@ static int oma_dm_get_cmdid(struct hs20_osu_client *ctx, xml_node_t *node)
static xml_node_t * oma_dm_send_recv(struct hs20_osu_client *ctx,
const char *url, xml_node_t *syncml,
const char *ext_hdr, const char *ca_fname,
const char *ext_hdr,
const char *username, const char *password,
const char *client_cert,
const char *client_key)
@ -928,7 +928,7 @@ static xml_node_t * oma_dm_send_recv(struct hs20_osu_client *ctx,
os_free(ctx->server_url);
ctx->server_url = os_strdup(url);
res = http_post(ctx->http, url, str, "application/vnd.syncml.dm+xml",
ext_hdr, ca_fname, username, password,
ext_hdr, ctx->ca_fname, username, password,
client_cert, client_key, NULL);
os_free(str);
os_free(resp_uri);
@ -1123,8 +1123,7 @@ static xml_node_t * oma_dm_process(struct hs20_osu_client *ctx, const char *url,
}
int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url,
const char *ca_fname)
int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url)
{
xml_node_t *syncml, *resp;
char *resp_uri = NULL;
@ -1145,8 +1144,7 @@ int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url,
while (syncml) {
resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : url,
syncml, NULL, ca_fname, NULL, NULL,
NULL, NULL);
syncml, NULL, NULL, NULL, NULL, NULL);
if (resp == NULL)
return -1;
@ -1162,8 +1160,7 @@ int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url,
}
int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url,
const char *ca_fname)
int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url)
{
xml_node_t *syncml, *resp;
char *resp_uri = NULL;
@ -1192,8 +1189,7 @@ int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url,
while (syncml) {
resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : url,
syncml, NULL, ca_fname, NULL, NULL,
NULL, NULL);
syncml, NULL, NULL, NULL, NULL, NULL);
if (resp == NULL)
return -1;
@ -1223,7 +1219,7 @@ int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url,
void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname, const char *ca_fname,
const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps)
@ -1242,7 +1238,7 @@ void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
while (syncml) {
resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : address,
syncml, NULL, ca_fname, cred_username,
syncml, NULL, cred_username,
cred_password, client_cert, client_key);
if (resp == NULL)
return;
@ -1270,7 +1266,7 @@ void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname, const char *ca_fname,
const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps)
@ -1289,7 +1285,7 @@ void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
while (syncml) {
resp = oma_dm_send_recv(ctx, resp_uri ? resp_uri : address,
syncml, NULL, ca_fname, cred_username,
syncml, NULL, cred_username,
cred_password, client_cert, client_key);
if (resp == NULL)
return;
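Review bot: oma_dm_send_recv() no longer shows where its trust root comes from, because the http_post() call now reads `ctx->ca_fname` and the four callers in this section pass nothing for it. A short comment above the function would make the precondition explicit, for example `/* Server trust root is taken from ctx->ca_fname; the caller must set it before the first exchange. */`. The same applies to the soap_init_client() calls in spp_sub_rem(), spp_pol_upd(), cmd_prov() and cmd_sim_prov() in the SPP client section. The function bodies start and end outside the hunks shown.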


@ -1,6 +1,6 @@
/*
* Hotspot 2.0 OSU client
* Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
* Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@ -1993,7 +1993,7 @@ static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
const char *ssid, const char *url, const char *ca_fname,
const char *ssid, const char *url,
unsigned int methods, int no_prod_assoc,
const char *osu_nai)
{
@ -2068,9 +2068,9 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
ctx->no_reconnect = 1;
if (methods & 0x02)
res = cmd_prov(ctx, url, ca_fname);
res = cmd_prov(ctx, url);
else if (methods & 0x01)
res = cmd_oma_dm_prov(ctx, url, ca_fname);
res = cmd_oma_dm_prov(ctx, url);
wpa_printf(MSG_INFO, "Remove OSU network connection");
write_summary(ctx, "Remove OSU network connection");
@ -2093,7 +2093,7 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
int connect, const char *ca_fname, int no_prod_assoc,
int connect, int no_prod_assoc,
const char *friendly_name)
{
char fname[255];
@ -2264,14 +2264,14 @@ selected:
if (connect == 2) {
if (last->methods & 0x02)
ret = cmd_prov(ctx, last->url, ca_fname);
ret = cmd_prov(ctx, last->url);
else if (last->methods & 0x01)
ret = cmd_oma_dm_prov(ctx, last->url, ca_fname);
ret = cmd_oma_dm_prov(ctx, last->url);
else
ret = -1;
} else if (connect)
ret = osu_connect(ctx, last->bssid, last->osu_ssid,
last->url, ca_fname, last->methods,
last->url, last->methods,
no_prod_assoc, last->osu_nai);
} else
ret = -1;
@ -2282,8 +2282,8 @@ selected:
}
static int cmd_signup(struct hs20_osu_client *ctx, const char *ca_fname,
int no_prod_assoc, const char *friendly_name)
static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
const char *friendly_name)
{
char dir[255];
char fname[300], buf[400];
@ -2334,8 +2334,7 @@ static int cmd_signup(struct hs20_osu_client *ctx, const char *ca_fname,
}
wpa_printf(MSG_INFO, "OSU provider fetch completed");
return cmd_osu_select(ctx, fname, 1, ca_fname, no_prod_assoc,
friendly_name);
return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
}
@ -2354,8 +2353,6 @@ static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
char *client_key = NULL;
int spp;
ctx->ca_fname = ca_fname;
wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
address);
@ -2399,6 +2396,7 @@ static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
return;
}
wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
ctx->ca_fname = ca_fname;
pps = node_from_file(ctx->xml, pps_fname);
if (pps == NULL) {
@ -2482,11 +2480,11 @@ static void cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
}
if (spp)
spp_sub_rem(ctx, address, pps_fname, ca_fname,
spp_sub_rem(ctx, address, pps_fname,
client_cert, client_key,
cred_username, cred_password, pps);
else
oma_dm_sub_rem(ctx, address, pps_fname, ca_fname,
oma_dm_sub_rem(ctx, address, pps_fname,
client_cert, client_key,
cred_username, cred_password, pps);
@ -2555,6 +2553,7 @@ static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
return -1;
}
wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
ctx->ca_fname = ca_fname;
pps = node_from_file(ctx->xml, pps_fname);
if (pps == NULL) {
@ -2628,11 +2627,11 @@ static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
}
if (spp)
spp_pol_upd(ctx, address, pps_fname, ca_fname,
spp_pol_upd(ctx, address, pps_fname,
client_cert, client_key,
cred_username, cred_password, pps);
else
oma_dm_pol_upd(ctx, address, pps_fname, ca_fname,
oma_dm_pol_upd(ctx, address, pps_fname,
client_cert, client_key,
cred_username, cred_password, pps);
@ -3077,13 +3076,15 @@ int main(int argc, char *argv[])
usage();
exit(0);
}
cmd_prov(&ctx, argv[optind + 1], argv[optind + 2]);
ctx.ca_fname = argv[optind + 2];
cmd_prov(&ctx, argv[optind + 1]);
} else if (strcmp(argv[optind], "sim_prov") == 0) {
if (argc - optind < 2) {
usage();
exit(0);
}
cmd_sim_prov(&ctx, argv[optind + 1], argv[optind + 2]);
ctx.ca_fname = argv[optind + 2];
cmd_sim_prov(&ctx, argv[optind + 1]);
} else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
if (argc - optind < 2) {
usage();
@ -3107,13 +3108,11 @@ int main(int argc, char *argv[])
usage();
exit(0);
}
cmd_osu_select(&ctx, argv[optind + 1], 2,
argc > optind + 2 ? argv[optind + 2] : NULL,
1, NULL);
ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
} else if (strcmp(argv[optind], "signup") == 0) {
ret = cmd_signup(&ctx,
argc > optind + 1 ? argv[optind + 1] : NULL,
no_prod_assoc, friendly_name);
ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
} else if (strcmp(argv[optind], "set_pps") == 0) {
if (argc - optind < 2) {
usage();
@ -3131,14 +3130,15 @@ int main(int argc, char *argv[])
usage();
exit(0);
}
cmd_oma_dm_prov(&ctx, argv[optind + 1], argv[optind + 2]);
ctx.ca_fname = argv[optind + 2];
cmd_oma_dm_prov(&ctx, argv[optind + 1]);
} else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
if (argc - optind < 2) {
usage();
exit(0);
}
if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1],
argv[optind + 2]) < 0) {
ctx.ca_fname = argv[optind + 2];
if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
return -1;
}
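Review bot: In main(), the `prov`, `sim_prov`, `oma_dm_prov` and `oma_dm_sim_prov` branches assign `ctx.ca_fname = argv[optind + 2]` after a guard that only requires `argc - optind >= 2`, so with exactly two arguments the trust root becomes `argv[argc]`, which is NULL. How http_post() and soap_init_client() treat a NULL CA file is not visible here; if it means the server certificate is not validated against a configured root, provisioning would proceed without any indication of that. Either tighten the guard to `if (argc - optind < 3)`, or, if the CA argument is meant to be optional, log the case with `if (ctx.ca_fname == NULL) wpa_printf(MSG_INFO, "No server trust root configured");`. main() starts and ends outside the hunks shown.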


@ -1,6 +1,6 @@
/*
* Hotspot 2.0 - OSU client
* Copyright (c) 2013, Qualcomm Atheros, Inc.
* Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@ -73,39 +73,35 @@ void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname);
/* spp_client.c */
void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname, const char *ca_fname,
const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps);
void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname, const char *ca_fname,
const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps);
int cmd_prov(struct hs20_osu_client *ctx, const char *url,
const char *ca_fname);
int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url,
const char *ca_fname);
int cmd_prov(struct hs20_osu_client *ctx, const char *url);
int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url);
/* oma_dm_client.c */
int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url,
const char *ca_fname);
int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url,
const char *ca_fname);
int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url);
int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url);
void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname, const char *ca_fname,
const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps);
void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname, const char *ca_fname,
const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps);
void cmd_oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname, const char *ca_fname);
const char *pps_fname);
void cmd_oma_dm_add(struct hs20_osu_client *ctx, const char *pps_fname,
const char *add_fname);
void cmd_oma_dm_replace(struct hs20_osu_client *ctx, const char *pps_fname,
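Review bot: The prototype of cmd_oma_dm_sub_rem() loses its `ca_fname` parameter here, but the OMA DM client section of this commit shows no hunk touching that function's definition or any caller. If the definition still takes four arguments, the header and the implementation now disagree, so it is worth confirming that the definition already matches `(ctx, address, pps_fname)`. A one-line comment above these prototypes, such as `/* Server trust root is read from ctx->ca_fname */`, would also tell callers where the removed argument went.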


@ -1,6 +1,6 @@
/*
* Hotspot 2.0 SPP client
* Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
* Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@ -776,7 +776,7 @@ static int spp_post_dev_data(struct hs20_osu_client *ctx,
void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname, const char *ca_fname,
const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps)
@ -787,7 +787,7 @@ void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
os_free(ctx->server_url);
ctx->server_url = os_strdup(address);
if (soap_init_client(ctx->http, address, ca_fname,
if (soap_init_client(ctx->http, address, ctx->ca_fname,
cred_username, cred_password, client_cert,
client_key) == 0) {
spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REMEDIATION,
@ -923,7 +923,7 @@ static int hs20_spp_update_response(struct hs20_osu_client *ctx,
void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname, const char *ca_fname,
const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps)
@ -934,7 +934,7 @@ void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
os_free(ctx->server_url);
ctx->server_url = os_strdup(address);
if (soap_init_client(ctx->http, address, ca_fname, cred_username,
if (soap_init_client(ctx->http, address, ctx->ca_fname, cred_username,
cred_password, client_cert, client_key) == 0) {
spp_post_dev_data(ctx, SPP_POLICY_UPDATE, "Policy update",
pps_fname, pps);
@ -942,14 +942,11 @@ void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
}
int cmd_prov(struct hs20_osu_client *ctx, const char *url,
const char *ca_fname)
int cmd_prov(struct hs20_osu_client *ctx, const char *url)
{
unlink("Cert/est_cert.der");
unlink("Cert/est_cert.pem");
ctx->ca_fname = ca_fname;
if (url == NULL) {
wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
return -1;
@ -960,8 +957,8 @@ int cmd_prov(struct hs20_osu_client *ctx, const char *url,
os_free(ctx->server_url);
ctx->server_url = os_strdup(url);
if (soap_init_client(ctx->http, url, ca_fname, NULL, NULL, NULL, NULL) <
0)
if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL,
NULL) < 0)
return -1;
spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REGISTRATION,
"Subscription registration", NULL, NULL);
@ -970,11 +967,8 @@ int cmd_prov(struct hs20_osu_client *ctx, const char *url,
}
int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url,
const char *ca_fname)
int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url)
{
ctx->ca_fname = ca_fname;
if (url == NULL) {
wpa_printf(MSG_INFO, "Invalid prov command (missing URL)");
return -1;
@ -991,8 +985,8 @@ int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url,
wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
}
if (soap_init_client(ctx->http, url, ca_fname, NULL, NULL, NULL, NULL) <
0)
if (soap_init_client(ctx->http, url, ctx->ca_fname, NULL, NULL, NULL,
NULL) < 0)
return -1;
spp_post_dev_data(ctx, SPP_SUBSCRIPTION_REGISTRATION,
"Subscription provisioning", NULL, NULL);