From 8c70c304720ee882806ba6f70225635d3a20b0b7 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Thu, 10 Jan 2019 00:47:04 +0200
Subject: [PATCH] HS 2.0 server: Log new username in eventlog for cert reenroll
Make it easier to find the new username (and the new serial number from it) when a user entry is renamed at the conclusion of client certificate re-enrollment sequence.
Signed-off-by: Jouni Malinen
---
 hs20/server/spp_server.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/hs20/server/spp_server.c b/hs20/server/spp_server.c
index 216297fd3..bb833bff1 100644
--- a/hs20/server/spp_server.c
+++ b/hs20/server/spp_server.c
@@ -2658,6 +2658,7 @@ static xml_node_t * hs20_spp_update_response(struct hs20_svc *ctx,
 dmacc);
 if (oper == CERT_REENROLL) {
 char *new_user;
+ char event[200];
 new_user = db_get_session_val(ctx, NULL, NULL, session_id, "user");
@@ -2678,6 +2679,10 @@ static xml_node_t * hs20_spp_update_response(struct hs20_svc *ctx,
 debug_print(ctx, 1, "Update certificate user entry to use the new serial number (old=%s new=%s)", user, new_user);
+ os_snprintf(event, sizeof(event), "renamed user to: %s",
+ new_user);
+ hs20_eventlog(ctx, user, realm, session_id, event,
+ NULL);
 if (db_update_val(ctx, user, realm, "identity", new_user, 0) < 0 ||
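Review bot: The 200-byte `event` buffer declared in the first hunk is filled by `os_snprintf()` in the second hunk without checking the result, so a long `new_user` value would be silently cut short in the event log, the one place this commit wants the full new username to be findable. Consider keeping the return value and testing it, e.g. `res = os_snprintf(event, sizeof(event), "renamed user to: %s", new_user);` followed by `if (os_snprintf_error(sizeof(event), res)) debug_print(ctx, 1, "eventlog entry truncated");`, assuming the os.h helper is in scope in this file. `new_user` is read back from the session table, so whatever displays the event log should escape it like any other stored identity; that viewer is not part of this patch. Both hunks sit inside hs20_spp_update_response(), whose body starts and ends outside them, and the lines between the hunks, where `new_user` is presumably checked for NULL, are not shown.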